reverse-shell-techniques

Fail

Audited by Snyk on Apr 9, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 1.00). The flagged links are untrusted, plain-HTTP direct downloads from an attacker-controlled host (including a direct .ps1 PowerShell script and generic file endpoints on port 8000), which matches common malware distribution vectors.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). This content is an explicit malicious playbook providing detailed, copy-paste-ready instructions and payloads for establishing and maintaining unauthorized remote access (reverse shells, web shells, encrypted socat/openssl/ncat shells, PowerShell download cradles and encoded execution, msfvenom payloads), plus guidance on evasion, file transfer, PTY upgrades and persistence, which constitutes deliberate malicious intent and backdoor behavior.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly provides step-by-step commands to create and deploy reverse/web shells, generate payloads, transfer files, run listeners, and implant persistence—actions that modify system state and enable unauthorized control of machines.

Issues (3)

CRITICAL E005: Suspicious download URL detected in skill instructions.

CRITICAL E006: Malicious code pattern detected in skill scripts.

MEDIUM W013: Attempt to modify system services in skill instructions.

Audit Metadata
Risk Level: CRITICAL
Analyzed: Apr 9, 2026, 01:13 PM
Issues: 3