Anders Axhake
@anders.axhake.com
Principal Technical Architect and part of the Truesec Cyber Security Incident Response Team - CSIRT
The art of not being shellfish, is something that my colleague Jean-Francois Gobin at Truesec CSIRT have mastered. He's sharing part III in his series about web shells - amazing read and you can find it (and the two previous parts), here: www.truesec.com/hub/blog/she...
She Sells Web Shells by the Seashore (Part III) - Truesec
Analysis Protected Access The web shell starts by initializing a PHP session: if the session already exists, the variables are retrieved in
www.truesec.com
October 20, 2025 at 6:35 PM
The art of not being shellfish, is something that my colleague Jean-Francois Gobin at Truesec CSIRT have mastered. He's sharing part III in his series about web shells - amazing read and you can find it (and the two previous parts), here: www.truesec.com/hub/blog/she...