/tags/kape/Recent content in Kape onHugoen-usSat, 02 May 2026 00:00:00 +0000/posts/webserver/Sat, 02 May 2026 00:00:00 +0000/posts/webserver/<ul> <li>Reading time : &ldquo;6 min&rdquo;</li> </ul> <h1 id="executive-summary">Executive Summary</h1> <ol> <li> <p><strong>Scope.</strong> A company web server was compromised via the hosted site. The team captured a forensic disk image and a live memory dump in time for offline analysis. Artifacts for this walkthrough: <a href="https://archive.org/details/dfir-case1" target="_blank">archive.org: dfir-case1</a>.</p> </li> <li> <p><strong>Web layer.</strong> Apache access and error logs show repeated OWASP-style abuse: SQL injection (including attempted <code>INTO OUTFILE</code> / upload-style payloads), reflected XSS, local file inclusion / path traversal, and an IDS log-clear request consistent with covering tracks on the app.</p>