Web shells are often used to maintain access to a compromised web server. In this video, we'll explore another popular web shell called ORVX Shell v3. Our focus won't be so much on capabilities, but rather on deobfuscating the many layers of it's source code!
Cybersecurity, reverse engineering, malware analysis and ethical hacking content!
🎓 Courses on Pluralsight 👉🏻 www.pluralsight.com/authors/j...
🌶️ KZbin 👉🏻 Like, Comment & Subscribe!
🙏🏻 Support my work 👉🏻 / joshstroschein
🌎 Follow me 👉🏻 / jstrosch , / joshstroschein
⚙️ Tinker with me on Github 👉🏻 github.com/jstrosch
0:39 ORVX shell capabilities
2:03 Layer 1 of the obfuscation
3:04 Viewing the stages of the PHP code
3:30 Identifying EVALs, breaking up the code
3:45 Cyberchef to the rescue
4:23 Identifying the primary structure of the obfuscation
5:10 More EVALs, more obfuscation
5:44 Finding layer 2
8:48 Changes to the obfuscation
10:30 Devising a strategy
12:00 unPHP