A weaponized document builder service known as LCG Kit added the ability to use Microsoft Word macros to load the necessary shellcode for installing malware.
Webshells are dangerous in the hands of APT groups. According to IBM Managed Security Services (MSS), 95 percent of webshell attacks are written in PHP.
Command injection attacks may not get a lot of hype, but they can be seriously damaging to an enterprise that isn't careful about its security.
IBM X-Force researchers have noted a dramatic increase in the use of malicious webshell attacks throughout the first half of 2016.
IBM MSS X-Force researchers found that C99 webshell attacks are increasing, particularly against content management systems such as WordPress.
Return Oriented Programming (ROP) is the general case of a technique often used when exploiting security vulnerabilities caused by memory corruption issues. ROP has become a more frequently used technique in the exploitation of memory corruption...
Like ICBMs, multistage exploit kits first launch a nonthreatening stage and then use the second stage to inflict damage without raising suspicion.