Navigating The Shadows
  • About This Gitbook
  • Red Team Operations
    • Initial Access
      • Webshells
        • Java (JSP) - Bring Your Own Jar
        • IIS - SOAP
      • Macro Attacks
        • Talking Documents with SpVoice COM
        • Binary File Write via Microsoft Speech API
        • Mark-Of-The-Web Bypass with 7-zip
    • Azure and O365
      • PRT Abuse from Userland with Cobalt Strike
      • Enumerate Azure AD with AzureHound from Userland
    • AWS
      • Role Abuse: SSM
    • OffSecOps
      • Arsenal Aggressor Script
  • Red Team Infrastructure
    • AWS
      • Connectionless Ansible Deployment with Terraform via SSM
  • Training
    • Operational Purple Teaming for Defenders
  • Training Reviews
    • Offensive Security
      • OSED
  • VULNERABILITY RESEARCH
    • RCE In HPE Insight Cluster Management Utility (CVE-2024-13804)
Powered by GitBook
On this page
  1. Red Team Operations
  2. Initial Access

Webshells

This category talks about webshells. Our aim is usually to load a C2 framework from the webshell or execute other code without spawning suspicious subprocesses from the web server process.

PreviousInitial AccessNextJava (JSP) - Bring Your Own Jar

Last updated 11 months ago

Java (JSP) - Bring Your Own Jar
IIS - SOAP