Sandworm: C2 over HTTP Emulation
Discover how Advanced Persistent Threat (APT) Actors such as Sandworm use Web application protocols to establish command and control with victim environments.
What you'll learn
During the 2022 Ukraine Electric Power Attack, the Sandworm Team deployed the Neo-REGEORG web shell on an internet-facing server. Web shells provide persistent remote access, facilitate privilege escalation, enable pivoting, and allow attackers to launch further attacks. They exploit various web vulnerabilities, including the use of dangerous PHP functions, inadequate user input sanitization, and the failure to implement file type allow listing. In the course Sandworm: C2 over HTTP Emulation, you will learn how advanced persistent threats (APTs) exploit these vulnerabilities to deploy web shells and gain full control of victim systems.
Table of contents
About the author
Matt is a cyber security author and researcher here at Pluralsight. A certified penetration tester and incident handler, he created Pluralsight's CompTIA Pentest+ Specialized Attacks courses as well our courses on wireless, ICS/OT and hardware hacking. Matt has also helped to build our security labs portfolio; labs that help you get hands-on to understand the threats and vulnerabilities your organization faces today. With a background in Chemical Engineering, Matt's focus is on the security ... more