Daniel Roberson - vanilla reverse shell

vanilla reverse shell

0001-01-01

A vanilla reverse shell or vanilla bind shell is a shell established through the exploitation of a vulnerability that lacks user experience features provided by a shell that is executed under normal circumstances.

Vanilla shells may be upgraded for a better user experience.

Defenders should be on the lookout for commands used to upgrade vanilla shells, as they are a good indicator that an attacker is active in the environment.

Links to this note

Recent Posts

Linux Persistence: Modular Software

2025-04-17 DFIR CTF persistence linux persistence apache asterisk

Linux Persistence: Web Shells

2025-04-16 DFIR persistence webshell linux persistence webshell apache nginx PHP

Linux Persistence: Rootkits

2025-04-15 DFIR persistence rootkit LKM linux persistence LKM rootkit LD_PRELOAD kprobe ftrace ld.so hooking

Linux Persistence: Processes

2025-04-11 DFIR persistence processes linux persistence processes

Defanging Linux LKM Rootkits With cleanup_module()

2025-04-05 Linux LKM rootkits EDR hooks incident response Linux LKM rootkit