Home / Companies / Crowdstrike / Blog / Post Details
Content Deep Dive

Mo' Shells Mo' Problems - File List Stacking

Blog post from Crowdstrike

Post Details
Company
Date Published
Author
RyanJ
Word Count
2,204
Company Posts That Month
Language
English
Hacker News Points
-
Post removed?
No
Summary

CrowdStrike discusses the challenges and methodologies involved in identifying web shells, specifically focusing on the detection of Deep Panda web shells, which are malicious scripts used by adversaries to gain remote access to victim systems. The process involves employing a technique known as file stacking to identify uncommon files by analyzing file creation times and paths across multiple servers, thereby detecting anomalies that could indicate malicious activity. The method focuses on searching specific directories and file extensions related to web hosting, highlighting the importance of timestamp analysis to differentiate between legitimate and suspicious activities. Additionally, the text emphasizes the importance of understanding the typical patterns of file creation and grouping to effectively isolate potential threats in a network environment.

Trends Found in this Post
Trend Post Mentions Total Month Mentions Posts Companies MoM
AI Agents 1 2,394 1,321 1 -
Zero Trust 1 1,843 1,331 3 +61333%
Use This Data

Use this post, company, and trend context to find content marketing opportunities, perform competitive analysis, or address product feature gaps via the Plushcap MCP server or the Plushcap API.