摘要
随着互联网的发展,Web服务器日趋增多,网络安全形势更加严峻。在此形势下,Webshell也日趋多样化,随着杀毒软件的跟进,Webshell需要更多的方式去隐藏自己的特征及行为。基于此,文章提出了基于系统日志、WMI等多元隐蔽方式加载Webshell,并探讨如何对其进行防护。
With the development of the internet,the number of Web servers is increasing,and the security situation is more severe.In this situation,Webshell is becoming more and more diversified.With the follow-up of anti-virus software,Webshell needs more ways to hide its characteristics and behavior.Considering this problem,this paper proposes to load Webshell based on multiple hidden methods such as system logs and WMI,and discusses how to protect them.
作者
管军霖
智鑫
赵森
GUAN Junlin;ZHI Xin;ZHAO Sen(School of computer and information security,Guilin University of Electronic Science and Technology,Guilin 541004,China)
基金
广西区可信重点实验室基金项目(PF15046X)
广西重点研发计划(桂科AB19110038)
广西高校中青年教师科研基础能力提升项目(2019KY0238)
广西大学生创新训练突发情況下基于大数据的中国铁路列车实时信息服务系统项目成果(项目编号:201810595253)。
