Tags: blueteam 

Poll rating:

The web server?? How did the threat actor get access to the web server? Surely we have logs for that... It hosts a simple PHP website, nothing complex.

Find the malicious file.

Flag format: <filename>.<fileextension>

Example: mywebshell.aspx

Writeups

ActionRatingAuthor team
Read writeup
not rated
daffainfo
You need to authenticate and join a team to post writeups