Attackers are always trying to come up with new ways to evade detection from the wide range of security controls available for web applications. This also extends to malware like PHP shells, which are typically left on compromised websites as a backdoor to maintain unauthorized access.
MARIJUANA is the name of a PHP shell that we have been tracking since last year. The author has a GitHub page which promotes a claim that the shell possesses a “stealth” mode, which can be used to bypass website security services like web application firewalls (WAFs).
Continue reading Obfuscation Techniques in MARIJUANA Shell “Bypass” at Sucuri Blog.