Request a Demo


How to Stop Webshell Attacks Before They Start

Recorded on March 31, 2020

Webshells are a longstanding, popular tactic for attackers to modify, deface, or breach websites. This malware abuses functions in web languages to gain backdoor access and has persisted in popularity for over a decade due to readily available variants.

What does this look like to your security team? A threat actor exploits your website’s vulnerability and gains initial foothold onto a network via the web server. The attacker then uploads malicious files, downloads confidential files, or executes arbitrary commands.

Join Michael Barclay of Expel for strategic guidance on why attackers leverage webshells and how to effectively detect and stop them before they are installed.

Key Learnings

  • What is a webshell?
  • Why do attackers still leverage this decades-old tactic?
  • How do you detect webshell instances?
  • A walkthrough of the advanced detection methods using web request inspection

About our presenters

Michael Barclay

Sr. Detection & Response Engineer at Expel

Michael Barclay is a Senior Detection and Response Engineer at Expel, a managed detection and response provider based in Herndon, Virginia. Before joining Expel, Michael was responsible for threat intelligence and global detection as a Senior Security Analyst at Symantec’s Managed Security Services division.

Brendon Macaraeg

Sr. Director of Product Marketing at Signal Sciences

Brendon Macaraeg leads product marketing for Signal Sciences which protects the web presence of the world’s leading brands. Prior, Brendon led product marketing for the incident response and professional services division of CrowdStrike. He also led product marketing efforts for both the Norton consumer security products and Symantec's enterprise mobility and endpoint management.