Spoofed 404s
Should you trust the HTTP response code when analyzing access logs for suspicious traffic?
DarkClownSecurity Web Shell
How a PHP web shell uses basic functions like tempname, require, and urldecode to remain lowkey.