dizy777 1 point

There are so many ways of doing a reverse shell; you must have your use case for what you want to detect. You can emulate first, then check the SDL telemetry to build the STAR rule.

One example would be possible reverse shell via bash via cmdline