Compromised Web Server

Hi,

Web shell attack was detected on the internet-facing IIS web server. The attacker has likely taken advantage of a vulnerability in the web server software where an attacker was able to upload and execute malicious files ( Webshell payload, PowerShell scripts, netcat) and execute arbitrary commands.

The attacker performed reconnaissance using whoami, dir, and systeminfo to gather information about its environment and configuration.

AV was able to detect and stop the attack quickly before any harm could be done …

attack compromised configuration cybersecurity detect environment files iis information internet malicious netcat payload powershell powershell scripts reconnaissance scripts server shell software taken the web vulnerability web web server web shell webshell whoami