She Sells Web Shells by the Seashore (Part III)  - Truesec Analysis  Protected Access  The web shell starts by initializing a PHP session: if the session already exists, the variables are retrieved in

The art of not being shellfish, is something that my colleague Jean-Francois Gobin at Truesec CSIRT have mastered. He's sharing part III in his series about web shells - amazing read and you can find it (and the two previous parts), here: www.truesec.com/hub/blog/she...