SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS Stormcast: Webshells; Undocumented ESP32 Commands; Camera Used For Ransomware Distribution

Mar 10, 2025

Discover the lurking dangers of web shells, which attackers use to infiltrate vulnerable servers while staying one step ahead. Learn about hidden backdoors in the popular ESP32 chipsets that could compromise IoT devices, thanks to recent findings from a conference presentation. Finally, be shocked by the Akira group's tactic of deploying ransomware through unsuspecting webcams, illustrating a new wave of innovative cyber threats. Enhance your security awareness with these intriguing insights!

06:45

Creator website

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Web shells present a major security threat by allowing attackers to exploit vulnerabilities in web applications, necessitating strict control over server configurations.

Undocumented commands in ESP32 chipsets expose significant vulnerabilities that could be exploited in IoT devices, highlighting the need for thorough security audits.

Deep dives

Web Shells and Security Measures

Web shells continue to pose significant security risks, particularly when introduced through file upload and command injection vulnerabilities. Attackers often exploit these vulnerabilities by executing commands to download malicious web shells onto compromised servers. To mitigate these risks, it's crucial for organizations to establish a clear production lifecycle for their web applications, ensuring that they know which files are intended to be present on their servers. By maintaining awareness of expected configurations, it becomes easier to identify unauthorized changes and thwart potential attacks.

Exploring Web Shells, ESP32 Security Risks, and Malware via Webcams

7min

Commonly Probed Webshell URLs
Many attackers deploy web shells to gain a foothold on vulnerable web servers. These webshells can also be taken over by parasitic exploits.
https://isc.sans.edu/diary/Commonly%20Probed%20Webshell%20URLs/31748
Undocumented ESP32 Commands
A recent conference presentation by Tarlogic revealed several "backdoors" or undocumented features in the commonly used ESP32 Chipsets. Tarlogic also released a toolkit to make it easier to audit chipsets and find these hiddent commands.
https://www.tarlogic.com/news/backdoor-esp32-chip-infect-ot-devices/
Camera Off: Akira deploys ransomware via Webcam
The Akira ransomware group was recently observed infecting a network with Ransomware by taking advantage of a webcam.
https://www.s-rminform.com/latest-thinking/camera-off-akira-deploys-ransomware-via-webcam

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS Stormcast: Webshells; Undocumented ESP32 Commands; Camera Used For Ransomware Distribution

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Web Shells and Security Measures

IoT Security Concerns with ESP32 Chipsets

Get the Snipdpodcast app

AI-poweredpodcast player

Discoverhighlights

Save anymoment

Share& Export

AI-poweredpodcast player

Discoverhighlights

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights