port 4444

0001-01-01

Port 4444 is a common default port for Metasploit and other pentesting tools.

Defenders should pay close attention to traffic on this port and “4444” being present in a command line. The use of port 4444 is often a tell that a penetration tester is active within the environment, but many cybercriminals have also been observed using open-source tools with their default settings.


Links to this note