Publication Type : Conference Paper
Publisher : IEEE
Source : 2023 Innovations in Power and Advanced Computing Technologies (i-PACT)
Url : https://doi.org/10.1109/i-pact58649.2023.10434368
Campus : Chennai
School : School of Computing
Department : Computer Science and Engineering
Year : 2023
Abstract :
There are millions of virus variations, making it extremely difficult to safeguard a corporation. Intrusion detection and prevention devices can identify malicious behaviour carried out by external or internal attackers by monitoring and analyzing network data. The “connect-back shell,” often referred to as a reverse shell, creates a shell session on the target system before accessing the victim's computer. The objective is to establish a connection to a remote computer and reroute the input and output connections of the target system's shell to enable remote access by the attacker. Once a connection is made, the listener executes malicious shell code on the initiator's computer, and the resulting data is delivered to and displayed on the listener's system. The Security Onion platform includes administration options such as Secure Shell (SSH) for server and sensor management and remote web client access. Security Onion's comprehensive packet capture capability gives the security analyst a wide range of monitoring, analysis, and management options by allowing access to host, session, and network data. The proposed work creates a bogus reverse shell attack that carries out the basic functions of a reverse shell, and uses Security Onion to sniff the network communication between the attacker and victim.
Cite this Research Publication : Perla Sai Nikhil, Angela Raj Chadha, Udhayakumar Shanmugam, Prevention Strategy to Detect Reverse Shell using Security Onion in Hoax Shell, 2023 Innovations in Power and Advanced Computing Technologies (i-PACT), IEEE, 2023, https://doi.org/10.1109/i-pact58649.2023.10434368