research poc
Behinder Webshell EDR Bypass via Nashorn Engine and MITM ProxyBehinder-EDR-Bypass
A proof-of-concept tool demonstrates bypassing endpoint detection and response (EDR) to deploy a Behinder webshell on a Java web server. It uses the Nashorn JavaScript engine to execute malicious code passed via HTTP parameters, minimizing static signatures in the JSP file, and employs a mitmproxy script to seamlessly integrate with the Behinder client.