WordPress Injection Exfiltrates Admin Login

WordPress Injection Exfiltrates Admin Login
wp-login.php injection silently exfiltrates a victim’s username and password back to the attacker’s server.
Read more →

Gel4y Mini Shell by Indonesian Darknet

Gel4y Mini Shell by Indonesian Darknet
Another PHP web shell that promises it can bypass ‘server security’.
Read more →

XBALTI Phishing Kits

XBALTI Phishing Kits
Analysis of the XBALTI phishing kits and their exfiltration techniques.
Read more →

PHP Minishell Backticks Redux

PHP Minishell Backticks Redux
A variant of the PHP backtick minishell that obfuscates a PHP superglobal to evade detection.
Read more →

lolzilla Skimmer: PHP or JS?

lolzilla Skimmer: PHP or JS?
lolzilla skimmer analyzes a visitor’s HTTP request to determine whether it can capture the visitor’s payment data using a PHP skimmer or if it should deploy a JavaScript skimmer onto the checkout page to capture the data.
Read more →
Disclaimer: The research posted on this website is for information purposes only. Do not use it for illegal purposes.