- Course
Sandworm: C2 over HTTP Emulation
Discover how Advanced Persistent Threat (APT) Actors such as Sandworm use Web application protocols to establish command and control with victim environments.
Beginner
- Course
Sandworm: C2 over HTTP Emulation
Discover how Advanced Persistent Threat (APT) Actors such as Sandworm use Web application protocols to establish command and control with victim environments.
Beginner
Get started today
Access this course and other top-rated tech content with one of our business plans.
Try this course for free
Access this course and other top-rated tech content with one of our individual plans.
This course is included in the libraries shown below:
- Security
What you'll learn
During the 2022 Ukraine Electric Power Attack, the Sandworm Team deployed the Neo-REGEORG web shell on an internet-facing server. Web shells provide persistent remote access, facilitate privilege escalation, enable pivoting, and allow attackers to launch further attacks. They exploit various web vulnerabilities, including the use of dangerous PHP functions, inadequate user input sanitization, and the failure to implement file type allow listing. In the course Sandworm: C2 over HTTP Emulation, you will learn how advanced persistent threats (APTs) exploit these vulnerabilities to deploy web shells and gain full control of victim systems.
Sandworm: C2 over HTTP Emulation
Beginner
Table of contents
Matt has a degree in Chemical engineering and a PhD in mathematical chemistry. He is also a GIAC certified incident handler and penetration tester and has regulated cyber security in the UK civil nuclear sector for many years.