{"id":1778,"date":"2022-08-19T23:53:20","date_gmt":"2022-08-19T14:53:20","guid":{"rendered":"https:\/\/manvscloud.com\/?p=1778"},"modified":"2022-10-25T20:46:53","modified_gmt":"2022-10-25T11:46:53","slug":"ncp-%ed%96%89%ec%9c%84-%ea%b8%b0%eb%b0%98-%ec%8b%a4%ec%8b%9c%ea%b0%84-%ec%9b%b9%ec%89%98-%ed%83%90%ec%a7%80-webshell-behavior-detectorwbd","status":"publish","type":"post","link":"https:\/\/manvscloud.com\/?p=1778","title":{"rendered":"[NCLOUD] \ud589\uc704 \uae30\ubc18 \uc2e4\uc2dc\uac04 \uc6f9\uc258 \ud0d0\uc9c0, WebShell Behavior Detector(WBD)"},"content":{"rendered":"\n

\uc548\ub155\ud558\uc138\uc694. ManVSCloud \uae40\uc218\ud604\uc785\ub2c8\ub2e4.<\/p>\n\n\n\n

\uc624\ub298\uc740 \ub124\uc774\ubc84 \ud074\ub77c\uc6b0\ub4dc\uc758 WebShell Behavior Detector \uc11c\ube44\uc2a4\uc5d0 \ub300\ud574 \uc54c\uc544\ubcf4\ub294 \ud3ec\uc2a4\ud305\uc785\ub2c8\ub2e4.<\/p>\n\n\n\n

\n\n\n\n

WebShell Behavior Detector(WBD)\uc758 \ud0c4\uc0dd<\/strong><\/h3>\n\n\n\n

: WebShell Behavior Detector, \uc774\ub984 \uadf8\ub300\ub85c \uc6f9\uc258\uc744 \ud589\ub3d9 \uae30\ubc18\uc73c\ub85c \ud0d0\uc9c0\ud558\ub294 \uc11c\ube44\uc2a4\uc785\ub2c8\ub2e4.
\uc6f9\uc258\uc5d0 \ub300\ud55c \uc218\ub2e8\uc73c\ub85c \ub098\uc624\uac8c \ub418\uc5c8\uc8e0.<\/p>\n\n\n\n

\u203b Web Shell \uc774\ub780?<\/h5>\n\n\n\n

\u2022 \uc11c\ubc84 \uc0ac\uc774\ub4dc \uc2a4\ud06c\ub9bd\ud2b8 \ucf54\ub4dc (PHP, JSP, ASP \ub4f1)
\u2022 \uc6f9 \uc0ac\uc774\ud2b8\uc5d0\uc11c Shell\uc758 \uae30\ub2a5\uc744 \uc0ac\uc6a9\ud560 \uc218 \uc788\uac8c \ud558\uc5ec \uc2dc\uc2a4\ud15c\uc744 \uc545\uc758\uc801\uc73c\ub85c \ucee8\ud2b8\ub864 \ud560 \uc218 \uc788\ub3c4\ub85d \uc81c\uc791\ub41c \ucf54\ub4dc<\/p>\n\n\n\n

\u203b WBD\uc758 \uc8fc\uc694 \uae30\ub2a5<\/h5>\n\n\n\n

\u2022 Agent \ubc29\uc2dd
\u2022 \ud589\uc704 \uae30\ubc18 \uc2e4\uc2dc\uac04 \ud0d0\uc9c0
\u2022 Only Linux
\u2022 Apache, Tomcat, Nginx \uc9c0\uc6d0
\u2022 \uac00\uc0c1\ud654 \ud50c\ub7ab\ud3fc \ud658\uacbd \ubbf8\uc9c0\uc6d0
\u2022 \uc54c\ub9bc \uae30\ub2a5
\u2022 Console\uc5d0\uc11c \ud30c\uc77c \uaca9\ub9ac \ubc0f \ubcf5\uad6c
\u2022 \uc6f9\uc258 \uc758\uc2ec \ud589\uc704 \uc815\ubcf4 \ubc0f \uc774\ub825 \uad00\ub9ac
\u2022 \uc608\uc678 \uaddc\uce59 \uc124\uc815<\/p>\n\n\n\n

Agent \ubc29\uc2dd\uc774\ub77c \uc11c\ubc84 \ub0b4\uc5d0 Agent\ub97c \uc124\uce58\ub9cc\ud558\uba74 \uc11c\ubc84\uc5d0\uc11c \ub354 \uc774\uc0c1 \ud574\uc904 \uac83\uc774 \uc5c6\uc2b5\ub2c8\ub2e4.
\ub610\ud55c \ud328\ud134 \uae30\ubc18\uc774 \uc544\ub2cc \ud589\uc704 \uae30\ubc18 \ud0d0\uc9c0\ub77c \ub09c\ub3c5\ud654\ub098 \uc554\ud638\ud654 \uadf8\ub9ac\uace0 \ucd5c\uc2e0 \ud328\ud134\uc5d0\ub3c4 \uac15\ub825\ud558\uac8c \ub300\uc751\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n\n\n\n

(\ud574\ub2f9 \uc11c\ube44\uc2a4\ub294 kubernetes \ubc0f Docker\uc640 \uac19\uc740 \uac00\uc0c1 \ud658\uacbd\uc5d0\uc11c\ub294 \uc0ac\uc6a9\ud560 \uc218 \uc5c6\uc2b5\ub2c8\ub2e4.)<\/p>\n\n\n\n

\n\n\n\n

How?<\/h3>\n\n\n\n

\u203b Agent \uc124\uce58 & \ud0d0\uc9c0 \ub300\uc0c1 \uc11c\ubc84 \ucd94\uac00<\/h5>\n\n\n\n

\uc11c\ubc84\uc5d0\uc11c \uc544\ub798 3\uac1c\uc758 \uba85\ub839\ub9cc \uc785\ub825\ud558\uc2dc\uba74 \ub354 \ud574\uc904 \uac83\uc774 \uc5c6\uc2b5\ub2c8\ub2e4. \ub9e4\uc6b0 \uac04\ub2e8!<\/p>\n\n\n\n

\u2022 wget https:\/\/wbd.ncloud.com:18088\/agent\/wbd_installer.sh -O wbd_installer.sh
\u2022 chmod a+x wbd_installer.sh
\u2022 .\/wbd_installer.sh<\/p>\n\n\n\n

\uc774\ud6c4 \ub124\uc774\ubc84 \ud074\ub77c\uc6b0\ub4dc \ucf58\uc194\uc5d0\uc11c \ud0d0\uc9c0\ud560 \uc11c\ubc84\ub9cc \uc120\ud0dd\ud574\uc8fc\uba74 \ub429\ub2c8\ub2e4.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n
\n\n\n\n

Hands On Lab<\/h3>\n\n\n\n

WebShell Behavior Detector\uac00 \uc798 \uc791\ub3d9\ud560\uae4c?<\/p>\n\n\n\n

\ud55c \ubc88 \ud14c\uc2a4\ud2b8\ub97c \ud574\ubd05\uc2dc\ub2e4. \uba3c\uc800 DocumentRoot\uc5d0 \uc6f9\uc258 \ud30c\uc77c\uc744 \ud558\ub098 \uc0dd\uc131\ud558\uc600\uc2b5\ub2c8\ub2e4. (ws.php)<\/p>\n\n\n\n

<?php\n\necho 'Enter a Command:<br>';\necho '<form action=\"\">';\necho '<input type=text name=\"cmd\">';\necho '<input type=\"submit\">';\necho '<\/form>';\n\nif(isset($_GET['cmd'])){\n        system($_GET['cmd']);\n}\n\n?><\/pre>\n\n\n\n
\uac04\ub2e8\ud558\uac8c \ud3fc\uc744 \ub9cc\ub4e4\uace0 system \uba85\ub839\uc5b4\ub97c \uc2e4\ud589\ud558\ub294 \ud568\uc218\uac00 \ud3ec\ud568\ub41c \uc18c\uc2a4\uc785\ub2c8\ub2e4.<\/p>\n\n\n\n
\uadf8\ub9ac\uace0 \uc6f9 \ube0c\ub77c\uc6b0\uc800\uc5d0\uc11c \uc0dd\uc131\ud55c php \ud30c\uc77c\ub85c \uc811\uc18d\ud574\ubd05\uc2dc\ub2e4.
ex) https:\/\/www.example.com\/ws.php <\/p>\n\n\n\n
cat \uba85\ub839\uc5b4\ub97c \uc774\uc6a9\ud558\uc5ec \uc6f9 \uc0ac\uc774\ud2b8\uc5d0\uc11c \/etc\/passwd \ud30c\uc77c\uc744 \ucd9c\ub825\ud558\uba74 \uc544\ub798\uc640 \uac19\uc774 \ucd9c\ub825\ub418\ub294 \uac83\uc744 \uc54c \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n\n\n\n
\"\"<\/figure>\n\n\n
<\/a>
<\/div><\/div>
\ud30c\uc77c \uc5c5\ub85c\ub4dc \uacf5\uaca9 \ubc0f \uc2e4\uc2b5<\/div>
\ud30c\uc77c \uc5c5\ub85c\ub4dc \uacf5\uaca9 :\ud30c\uc77c \uc5c5\ub85c\ub4dc \uae30\ub2a5\uc5d0 \uc801\uc808\ud55c \ubcf4\uc548 \ub300\ucc45\uc774 \uc801\uc6a9\ub418\uc5b4 \uc788\uc9c0 \uc54a\uc744 \ub54c \ud30c\uc77c \uc5c5\ub85c\ub4dc \ucde8\uc57d\uc810\uc774 \ubc1c\uc0dd\ud55c\ub2e4. \ub9cc\uc57d, \uc774\ub7ec\ud55c \ud30c\uc77c \uc5c5\ub85c\ub4dc \uae30\ub2a5\uc744 \uad6c\ud604\ud560 \ub54c \uc544\ubb34 \ud30c\uc77c\uc774\ub098 \uc5c5\ub85c\ub4dc \ud560 \uc218 \uc788\uac8c \ud5c8\uc6a9\ub41c\ub2e4\uba74, \uacf5..<\/div><\/div><\/div>\n\n\n
WebShell Behavior Detector\ub97c \uc0ac\uc6a9\ud55c\ub2e4\uba74 \uc774\ub7f0 \uc0c1\ud669\uc5d0\uc11c \uc5b4\ub5bb\uac8c \uc0ac\uc6a9\ud560 \uc218 \uc788\uc744\uae4c?<\/p>\n\n\n\n
\uba3c\uc800 E-mail\uc774\ub098 \ubb38\uc790\ub85c \uc6f9\uc258\uc774 \ud0d0\uc9c0\ub418\uc790\ub9c8\uc790 \ub4f1\ub85d\ud55c \uc218\uc2e0\uc790\uc5d0\uac8c \uc54c\ub9bc\uc744 \ud574\uc90d\ub2c8\ub2e4.<\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n
\uc6f9\uc258\uc774 \ud0d0\uc9c0\ub410\uc2b5\ub2c8\ub2e4!! (E-mail\ub85c\ub294 \ub354 \uc790\uc138\ud558\uac8c \uc548\ub0b4\ub429\ub2c8\ub2e4.)<\/p>\n\n\n\n
\uadf8\ub7fc \uc774\uc81c \ucf58\uc194\uc5d0\uc11c \ud655\uc778\ud574\ubd05\uc2dc\ub2e4.<\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n
\uc5b4\ub290 \uc11c\ubc84\uc5d0\uc11c \uc6f9\uc258 \ud30c\uc77c\uc744 \uc774\uc6a9\ud558\uc5ec \uc5b4\ub5a4 \uba85\ub839\uc5b4\uac00 \uc0ac\uc6a9\ub410\ub294\uc9c0 \uc758\uc2ec \ud30c\uc77c\uacfc \uc758\uc2ec IP \ub4f1\uc744 \uc54c\ub824\uc90d\ub2c8\ub2e4.<\/p>\n\n\n\n
\uc6f9\uc258, \uc6f9\uc5d0\uc11c \uc2dc\uc2a4\ud15c \uba85\ub839\uc5b4\ub97c \uc2e4\ud589\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4. 
\uadf8\ub7f0\ub370 \uac1c\ubc1c\uc790\uac00 \uc774\ub97c \uc758\ub3c4\uc801\uc73c\ub85c \uc0ac\uc6a9\ud558\ub294 \uacbd\uc6b0\ub3c4 \ubd24\uc2b5\ub2c8\ub2e4.<\/p>\n\n\n\n
\uadf8\ub807\uae30\ub54c\ubb38\uc5d0 [\uc608\uc678 \ucc98\ub9ac]\ub97c \ud560 \uc218 \uc788\ub294 \uc608\uc678 \ucc98\ub9ac \uae30\ub2a5\ub3c4 \uc788\uc2b5\ub2c8\ub2e4.
\uadf8\ub9ac\uace0 [\ud30c\uc77c \uaca9\ub9ac\/\ubcf5\uad6c]\ub3c4 \ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4. <\/p>\n\n\n\n
\uc5b4\ub5a4 \uc6a9\ub3c4\ub85c \uc0ac\uc6a9\ub418\ub294\uc9c0 \uc81c\ub300\ub85c \ud655\uc778\ub418\uc9c0 \uc54a\uace0 \ubb34\uc791\uc815 \ud30c\uc77c\uc744 \uaca9\ub9ac\ud558\uba74 \uc11c\ube44\uc2a4 \uc7a5\uc560\ub85c \uc774\uc5b4\uc9c8 \uc218 \uc788\uc2b5\ub2c8\ub2e4. <\/p>\n\n\n\n
\uc758\uc2ec \ud30c\uc77c\uc740 \ub9d0 \uadf8\ub300\ub85c \uc758\uc2ec\uc774 \ub418\ub2c8 “\uc774 \ud30c\uc77c\uc774 \uc815\uc0c1\uc801\uc778 \uac8c \ub9de\ub294\uc9c0 \ud655\uc778\ud574\ubd10.”\ub77c\uace0 \uc54c\ub824\uc8fc\ub294 \uac83\uc785\ub2c8\ub2e4.<\/p>\n\n\n\n
\uadf8\ub9ac\uace0 \uc758\uc2ec IP\uc758 \uacbd\uc6b0\uc5d0\ub294 \ucd94\uac00\uc801\uc73c\ub85c \ud655\uc778\ud574\uc57c\ud560 \uc0ac\ud56d\uc774 \uc788\ub294\ub370 \uc6f9 \uc11c\ubc84 \uc0c1\ub2e8\uc5d0 Load Balancer\ub97c \uc0ac\uc6a9\ud558\uace0 \uc788\ub2e4\uba74 IP\uac00 LB\uc758 IP\uc778 \uc0ac\uc124 IP\ub85c \ucc0d\ud788\uac8c \ub429\ub2c8\ub2e4.<\/strong><\/span><\/p>\n\n\n\n
\uc758\uc2ec IP\ub294 \uc6f9 \ub85c\uadf8\ub97c \ubcf4\uace0 \ud310\ub2e8\ud558\ub294 \uac83 \uac19\ub354\ub77c\uad6c\uc694?
\uc81c\uac00 \ud14c\uc2a4\ud2b8 \ud574\ubcf8 \uacb0\uacfc \uc0ac\uc124 IP\ub85c \ub098\uc624\ub294 \ubd80\ubd84\uc740 nginx\ub098 apache, \uc989 \uc0ac\uc6a9\ud558\ub294 \uc6f9 \uc11c\ubc84\uc5d0\uc11c X-Forwarded-For(XFF) \uc124\uc815\uc744 \ud574\uc8fc\uba74 \ub429\ub2c8\ub2e4.<\/p>\n\n\n\n
XXF \uc124\uc815 \ud6c4 \uc6f9\uc258 \ud0d0\uc9c0 \ud14c\uc2a4\ud2b8\ub97c \ucd94\uac00\uc801\uc73c\ub85c \uc9c4\ud589\ud558\uc600\uace0 \ub2e4\uc2dc \uc758\uc2ec IP\ub97c \ud655\uc778\ud574\ubcf4\ub2c8 LB\uc758 IP\uac00 \uc544\ub2cc \uc6f9\uc258\uc744 \uc2e4\ud589\ud55c \uacf5\uc778 IP\ub85c \uccb4\ud06c\ub418\ub294 \uac83\uc774 \ud655\uc778\ub410\uc2b5\ub2c8\ub2e4. <\/p>\n\n\n\n
\n\n\n\n
 Personal Comments<\/h3>\n\n\n\n
\uc6f9\uc258 \ud0d0\uc9c0 \uae30\ub2a5\uc740 \uc11c\ubc84 \ud638\uc2a4\ud305\uc744 \ud558\ub358 \ub54c\uc5d0 KISA\uc758 WHISTL\uc744 \ub9ce\uc774 \uc0ac\uc6a9\ud574\ubd10\uc11c \uc6f9\uc258\uc774 \ubb54\uc9c0, \uc5b4\ub5a4 \ucde8\uc57d\uc810\uc744 \ud1b5\ud574\uc11c \uc6f9\uc258\uc774 \uc0ac\uc6a9\ub418\ub294\uc9c0 \uc54c\uace0 \uc788\uc5c8\uae30\ub54c\ubb38\uc5d0 \uc811\uadfc\ud558\uae30 \uc26c\uc6b4 \uc11c\ube44\uc2a4\uc600\uc2b5\ub2c8\ub2e4.<\/p>\n\n\n\n
\ud06c\uac8c WebShell Behavior Detector\uc5d0\ub294 \uc5b4\ub5a4 \uae30\ub2a5\uc774 \uc788\ub098 \uc815\ub3c4\ub9cc \uc0b4\ud3b4\ubcf4\uba74 \ub410\ub358…
\uc0ac\uc2e4 \ub3c8 \uc788\uc73c\uba74 WebShell Behavior Detector \ub300\uc2e0 IPS \uc4f0\uba74 \uadf8\ub9cc\uc774\uae34 \ud569\ub2c8\ub2e4.<\/p>\n\n\n\n
\uc804\uccb4\uc801\uc778 \uae30\ub2a5\uc774\ub098 \uc11c\ube44\uc2a4 \uba74\uc5d0\uc11c \uc9c1\uc811 \uc0ac\uc6a9 \ud574\ubcf8 \ud6c4\uae30\ub85c\ub294 \uc88b\uc740 \uc0c1\ud488\uc774\ub77c\uace0 \uc0dd\uac01\ud569\ub2c8\ub2e4.
\uae30\ub2a5\ub3c4 \ub2e4\uc591\ud558\uace0 \uc54c\ub9bc\ub3c4 \uc0c1\ub2f9\ud788 \ube68\ub790\uc2b5\ub2c8\ub2e4. \ubb34\uc5c7\ubcf4\ub2e4 \uc0ac\uc6a9\uc790\uac00 \ud3b8\ud558\uac8c \uc0ac\uc6a9\ud560 \uc218 \uc788\ub2e4\ub294 \uc810\uc774 \ucef8\uc2b5\ub2c8\ub2e4.<\/p>\n\n\n\n
\uae34 \uae00 \uc77d\uc5b4\uc8fc\uc154\uc11c \uac10\uc0ac\ud569\ub2c8\ub2e4.<\/p>\n\n\n\n
\n\n\n\n
\"\"<\/figure>\n","protected":false},"excerpt":{"rendered":"
\uc548\ub155\ud558\uc138\uc694. ManVSCloud \uae40\uc218\ud604\uc785\ub2c8\ub2e4. \uc624\ub298\uc740 \ub124\uc774\ubc84 \ud074\ub77c\uc6b0\ub4dc\uc758 WebShell Behavior Detector \uc11c\ube44\uc2a4\uc5d0 \ub300\ud574 \uc54c\uc544\ubcf4\ub294 \ud3ec\uc2a4\ud305\uc785\ub2c8\ub2e4. WebShell Behavior Detector(WBD)\uc758 \ud0c4\uc0dd : WebShell Behavior Detector, \uc774\ub984 \uadf8\ub300\ub85c \uc6f9\uc258\uc744 \ud589\ub3d9 \uae30\ubc18\uc73c\ub85c \ud0d0\uc9c0\ud558\ub294 \uc11c\ube44\uc2a4\uc785\ub2c8\ub2e4. \uc6f9\uc258\uc5d0 \ub300\ud55c \uc218\ub2e8\uc73c\ub85c \ub098\uc624\uac8c \ub418\uc5c8\uc8e0. \u203b Web Shell \uc774\ub780? \u2022 \uc11c\ubc84 \uc0ac\uc774\ub4dc \uc2a4\ud06c\ub9bd\ud2b8 \ucf54\ub4dc (PHP, JSP, ASP \ub4f1)\u2022 \uc6f9 \uc0ac\uc774\ud2b8\uc5d0\uc11c Shell\uc758 \uae30\ub2a5\uc744 \uc0ac\uc6a9\ud560 \uc218 \uc788\uac8c \ud558\uc5ec \uc2dc\uc2a4\ud15c\uc744 \uc545\uc758\uc801\uc73c\ub85c \ucee8\ud2b8\ub864 \ud560 \uc218 \uc788\ub3c4\ub85d \uc81c\uc791\ub41c \ucf54\ub4dc \u203b WBD\uc758 \uc8fc\uc694 \uae30\ub2a5 \u2022 Agent \ubc29\uc2dd\u2022 \ud589\uc704 \uae30\ubc18 \uc2e4\uc2dc\uac04 \ud0d0\uc9c0\u2022 Only Linux\u2022 Apache, Tomcat, Nginx \uc9c0\uc6d0\u2022 \uac00\uc0c1\ud654 \ud50c\ub7ab\ud3fc \ud658\uacbd \ubbf8\uc9c0\uc6d0\u2022 \uc54c\ub9bc \uae30\ub2a5\u2022 Console\uc5d0\uc11c \ud30c\uc77c \uaca9\ub9ac \ubc0f \ubcf5\uad6c\u2022 \uc6f9\uc258 \uc758\uc2ec \ud589\uc704 \uc815\ubcf4 \ubc0f \uc774\ub825 \uad00\ub9ac\u2022 \uc608\uc678 \uaddc\uce59 \uc124\uc815 Agent \ubc29\uc2dd\uc774\ub77c \uc11c\ubc84 \ub0b4\uc5d0 Agent\ub97c \uc124\uce58\ub9cc\ud558\uba74 \uc11c\ubc84\uc5d0\uc11c \ub354 \uc774\uc0c1 \ud574\uc904 \uac83\uc774 \uc5c6\uc2b5\ub2c8\ub2e4.\ub610\ud55c \ud328\ud134 \uae30\ubc18\uc774 \uc544\ub2cc \ud589\uc704 \uae30\ubc18 \ud0d0\uc9c0\ub77c \ub09c\ub3c5\ud654\ub098 \uc554\ud638\ud654 \uadf8\ub9ac\uace0 \ucd5c\uc2e0 \ud328\ud134\uc5d0\ub3c4 \uac15\ub825\ud558\uac8c \ub300\uc751\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4. (\ud574\ub2f9 \uc11c\ube44\uc2a4\ub294 kubernetes \ubc0f Docker\uc640 \uac19\uc740 \uac00\uc0c1 \ud658\uacbd\uc5d0\uc11c\ub294 \uc0ac\uc6a9\ud560 \uc218 \uc5c6\uc2b5\ub2c8\ub2e4.) How? \u203b Agent \uc124\uce58 & \ud0d0\uc9c0 \ub300\uc0c1 \uc11c\ubc84 \ucd94\uac00 \uc11c\ubc84\uc5d0\uc11c \uc544\ub798 3\uac1c\uc758 \uba85\ub839\ub9cc \uc785\ub825\ud558\uc2dc\uba74 \ub354 \ud574\uc904 \uac83\uc774 \uc5c6\uc2b5\ub2c8\ub2e4. \ub9e4\uc6b0 \uac04\ub2e8! \u2022 wget https:\/\/wbd.ncloud.com:18088\/agent\/wbd_installer.sh -O wbd_installer.sh\u2022 chmod a+x wbd_installer.sh\u2022 .\/wbd_installer.sh \uc774\ud6c4 \ub124\uc774\ubc84 \ud074\ub77c\uc6b0\ub4dc \ucf58\uc194\uc5d0\uc11c \ud0d0\uc9c0\ud560 \uc11c\ubc84\ub9cc \uc120\ud0dd\ud574\uc8fc\uba74 \ub429\ub2c8\ub2e4. Hands On Lab WebShell Behavior Detector\uac00 \uc798 \uc791\ub3d9\ud560\uae4c? \ud55c \ubc88 \ud14c\uc2a4\ud2b8\ub97c \ud574\ubd05\uc2dc\ub2e4. \uba3c\uc800 DocumentRoot\uc5d0 \uc6f9\uc258 \ud30c\uc77c\uc744 \ud558\ub098 \uc0dd\uc131\ud558\uc600\uc2b5\ub2c8\ub2e4. (ws.php) \uac04\ub2e8\ud558\uac8c \ud3fc\uc744 \ub9cc\ub4e4\uace0 system \uba85\ub839\uc5b4\ub97c \uc2e4\ud589\ud558\ub294 […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"advanced_seo_description":"[NCP] \ud589\uc704 \uae30\ubc18 \uc2e4\uc2dc\uac04 \uc6f9\uc258 \ud0d0\uc9c0, WebShell Behavior Detector(WBD)","jetpack_seo_html_title":"","jetpack_seo_noindex":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[3],"tags":[32,87,91,17,90,16,408,667,669,668,89,202,398,671,670,673,672],"jetpack_sharing_enabled":true,"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/manvscloud.com\/index.php?rest_route=\/wp\/v2\/posts\/1778"}],"collection":[{"href":"https:\/\/manvscloud.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/manvscloud.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/manvscloud.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/manvscloud.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1778"}],"version-history":[{"count":4,"href":"https:\/\/manvscloud.com\/index.php?rest_route=\/wp\/v2\/posts\/1778\/revisions"}],"predecessor-version":[{"id":1916,"href":"https:\/\/manvscloud.com\/index.php?rest_route=\/wp\/v2\/posts\/1778\/revisions\/1916"}],"wp:attachment":[{"href":"https:\/\/manvscloud.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1778"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/manvscloud.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1778"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/manvscloud.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1778"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}