security: Cookie-controlled PHP webshells: A stealthy tradecraft in Linux hosting environments
Microsoft Security Blog
2026-04-02
Microsoft describes a PHP webshell technique in Linux hosting environments that uses specially crafted HTTP cookies to gate execution. The post highlights obfuscation, php-fpm execution, and cron-based persistence as ways attackers hide activity and evade detection.