WebDAV

Web Distributed Authoring and Versioning is an extension of HTTP that allows clients to perform remote web content authoring, enabling users to collaboratively edit and manage files on remote web servers.

It enables users to collaboratively edit and manage files on remote web servers.

In the context of cybersecurity, WebDAV has been observed being abused by attackers as a delivery mechanism for malware. Attackers exploit WebDAV by hosting malicious files on WebDAV-enabled servers, tricking users into accessing and executing these files.

This technique is particularly effective because WebDAV traffic is often allowed through corporate firewalls and web proxies since it uses standard HTTP/HTTPS protocols. The abuse of WebDAV for malware delivery is a technique that has been observed in various cyber attack campaigns.

Read our latest blog articles

Product News

June 23, 2026

Sekoia’s new identity: Designed for clarity

Sekoia has partnered with branding agency Bruno to develop a new brand identity and digital experience that reflects who we really are.

Sekoia Team

Threat Research & Intelligence

TDR

June 11, 2026

APT28, an evolution of tradecraft

Sekoia TDR looks back at how APT28's arsenal has evolved over two decades, from its signature X-Agent implants to disposable modules, edge-device infrastructure and the first LLM-driven malware.

Amaury-Jacques GARCON

Threat Detection & Research Team

Threat Research & Intelligence

TDR

June 16, 2026

Unveiling ErrTraffic: inside a growing ClickFix malware distribution framework

This report details the ErrTraffic threat and its associated ecosystem, highlighting three specific campaigns and their operators' arsenal.

Jérémy SCION

Quentin BOURGUE

Threat Detection & Research Team