Reverse Shell Study
Safe lab metadata analyzer for suspicious outbound reverse-shell-like network behavior — pcap metadata only, no payloads.
Reads pcap metadata (connection records only, no packet content), analyzes outbound connections to suspicious destinations and ports, and flags interactive-session indicators (low data, long duration, persistent unidirectional flow to a non-standard port). Findings, risk-scored summary, Markdown report, timeline, and analyst triage handoff.
Catalog entry only — a full write-up lands closer to release.
Related across catalogs
- Beaconing Traffic Detector (Security project · Demo ready)
Detects periodic outbound callback (C2 beacon) behavior from timestamped network logs by scoring inter-arrival timing consistency per source/destination pair.
- Network Baseline (Security project · Demo ready)
Builds a normal traffic baseline from a sample of network logs, then flags unusual source IPs, destination ports, and connection volume spikes in observed traffic.
- AttackReplay Studio (Security project · Demo ready)
Visual incident replay dashboard — turns safe sample logs into an attack timeline, attack path view, GeoIP map, and incident summary.
- AutoPatch AI (Security project · Demo ready)
Dependency vulnerability scanner and upgrade planner — scans package.json, requirements.txt, and Dockerfile base images, flags risky pins, produces PR-preview output.
- CSP Guardian (Security project · Demo ready)
Website security header and iframe policy analyzer — inspects CSP, X-Frame-Options, cookies, CORS, and HSTS to flag clickjacking, XSS, and framing risks.