Threat Hunting

Cards (2)

  • Reverse Shell
    • A reverse shell, often called a connect-back shell, is a remote shell initiated from the target: the target connects back to the attacker's machine and the target's shell is spawned there. It is usually used during the exploitation process to gain control of the remote machine.
    • A reverse shell can take advantage of common outbound ports such as 80, 443 and 8080.
  • RevShell Techniques
    • First, the attacker exploits a vulnerability on a target system or network that gives the ability to execute code. Then the attacker sets up a listener on their own machine. Then the attacker injects a reverse shell on the vulnerable system to exploit the vulnerability.
    • In real cyber attacks, a reverse shell can also be obtained through social engineering. For example, a piece of malware installed on a local workstation via a phishing email or a malicious website might initiate an outgoing connection to a command server and provide hackers with a reverse shell capability.