I published the following diary on isc.sans.org: “Another webshell, another backdoor!“. I’m still busy to follow how webshells are evolving… I recently found another backdoor in another webshell called “cor0.id”. The best place to find webshells remind pastebin.com[1]. When I’m testing a webshell, I copy it in a VM located
[The post [SANS ISC] Another webshell, another backdoor! has been first published on /dev/random]

https://blog.rootshell.be/2017/09/14/sans-isc-another-webshell-another-backdoor/