Post compromise shell detected

Goal

Detect attempts to create an interactive shell from common web or application processes.

Strategy

Many applications (for example, certain databases, web servers, and search engines) are hosted by binaries that run on the host. Attackers may take advantage of flaws in programs built with these applications (for example, SQL injection on a database running as a Java process).

This detection triggers when a process spawns common shell utilities, HTTP utilities, or shells with arguments that are known to be used to establish shells on the targeted asset. If this is unexpected behavior, it could indicate an attacker is attempting to compromise your host.
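The following sketch is an added example, not the vendor's rule or Agent code; it applies the parent/child logic described above to process execution events. The process lists, the interactive-flag check, the event field names, and the sample events are all assumptions constructed for illustration.

```python
import os
import shlex

# Assumed lists for illustration only; the vendor rule's real lists are not on this page.
APP_PARENTS = {"java", "nginx", "httpd", "apache2", "postgres", "mysqld", "php-fpm"}
SHELLS = {"sh", "bash", "dash", "zsh", "ksh"}
HTTP_UTILS = {"curl", "wget"}
SHELL_UTILS = {"nc", "ncat", "socat"}

def shell_is_interactive(args):
    """True if an interactive flag appears among the shell's own options."""
    for arg in args:
        if arg == "--" or not arg.startswith("-"):
            break  # options ended; the rest is a script or a -c command string
        if not arg.startswith("--") and "i" in arg[1:]:
            return True  # matches -i and short-flag clusters such as -li
    return False

def classify(event):
    """Return a reason string for a suspicious exec event, else None."""
    if os.path.basename(event["parent_exe"]) not in APP_PARENTS:
        return None  # parent is not a web or application process
    argv = shlex.split(event["cmdline"])
    if not argv:
        return None
    child = os.path.basename(argv[0])
    if child in HTTP_UTILS:
        return "http_utility"
    if child in SHELL_UTILS:
        return "shell_utility"
    if child in SHELLS and shell_is_interactive(argv[1:]):
        return "interactive_shell"
    return None  # e.g. an app running `sh -c <maintenance command>`

def detect(events):
    """Return (pid, reason) for every event that matches."""
    return [(e["pid"], r) for e in events if (r := classify(e))]

# Constructed sample events; the field names are hypothetical.
SAMPLE_EVENTS = [
    {"pid": 4101, "parent_exe": "/usr/bin/java", "cmdline": "/bin/bash -i"},
    {"pid": 4102, "parent_exe": "/usr/sbin/nginx", "cmdline": "sh -c 'logrotate /etc/logrotate.conf'"},
    {"pid": 4103, "parent_exe": "/usr/sbin/sshd", "cmdline": "/bin/bash -i"},
    {"pid": 4104, "parent_exe": "/usr/lib/postgresql/bin/postgres", "cmdline": "curl -s http://example.invalid/f"},
    {"pid": 4105, "parent_exe": "/usr/sbin/mysqld", "cmdline": "/bin/sh -li"},
]
```

Events 4102 and 4103 are the expected non-matches: a non-interactive `sh -c` from a web server, and an interactive shell whose parent is not an application process.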

Requires Agent version 7.27 or later.