A vanilla reverse shell or vanilla bind shell is a shell established through the exploitation of a vulnerability that lacks user experience features provided by a shell that is executed under normal circumstances.
Vanilla shells may be upgraded for a better user experience.
Defenders should be on the lookout for commands used to upgrade vanilla shells, as they are a good indicator that an attacker is active in the environment.