I've lost count of how many #React2Shell exploits our initial access intel group has reviewed, but it's a lot. Canary detections also going brr, unsurprisingly.
@yeslikethefood has a new blog out with:
• Common exploit variants and potential payload modifications
• The current PoC ecosystem
• VulnCheck canary detections (exploit attempts ongoing)
• Attack path observations
• Challenges for defenders, namely around detection
We've also released our in-memory webshell.
https://www.vulncheck.com/blog/reacting-to-shells-react2shell-variants-ecosystem