Security news aggregator

Latest coverage for Reverse Shell

A reverse shell lets an attacker control a compromised host remotely; egress filtering, least privilege, and endpoint monitoring can limit impact.

2 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

A reverse shell is an interactive command channel that a compromised host initiates to a remote system controlled by an attacker. The remote endpoint listens while the victim makes the outbound connection, which can make the channel viable even when inbound connections are blocked; it does not, by itself, bypass every firewall or security control. Attackers commonly obtain one after exploiting a vulnerable service, using stolen credentials, or executing malicious code, then operate with the compromised account’s permissions.

Its security significance is remote command execution: an attacker may install tools, steal accessible secrets, move to other systems, or attempt privilege escalation. Outbound traffic from an unusual process, destination, port, or time can provide a useful detection signal, especially when endpoint telemetry links a connection to a shell or scripting interpreter. Key defenses are restrictive egress filtering, patching exposed services, least privilege, and network segmentation. If detected, isolate the host, terminate the channel, and investigate the originating process and persistence mechanisms.

Showing 2 most recent headlines Filtered view