SANS Stormcast: Webshells; Undocumented ESP32 Commands; Camera Used For Ransomware Distribution Commonly Probed Webshell URLs Many attackers deploy web shells to gain a foothold on vulnerable web servers. These webshells can also be taken over by parasitic exploits. https://isc.sans.edu/diary/Commonly%20Probed%20Webshell%20URLs/31748 Undocumented ESP32 Commands A recent conference presentation by Tarlogic revealed several "backdoors" or undocumented features in the commonly used ESP32 Chipsets. Tarlogic also released a toolkit to make it easier to audit chipsets and find these hiddent commands. https://www.tarlogic.com/news/backdoor-esp32-chip-infect-ot-devices/ Camera Off: Akira deploys ransomware via Webcam The Akira ransomware group was recently observed infecting a network with Ransomware by taking advantage of a webcam. https://www.s-rminform.com/latest-thinking/camera-off-akira-deploys-ransomware-via-webcam keywords: webcam; akira; esp32; expressif; webshell;