Skip to main content
Covert Shells
SANS GIAC Reading Room (2000)
  • John Christian Smith, Southern Methodist University

The potential for covert communications exist anywhere that legitimate communication channels are in use. In order to maintain control of the channel once exploited, the insertion of a backdoor Trojan horse server, to be used with a client that provides shell access, is often a necessary prerequisite to establishing and using a covert channel long term.

We discuss covert channel communications methods ranging from embedded channels to disguised protocols. What follows is a review of available covert shell tools. The underground, historical evolution of covert shells is reviewed, focusing on selected, available tools, which range from simple encapsulation methods to more advanced masquerading and subliminal encoding.

  • Security,
  • Shells,
  • Covert,
  • Hacking
Publication Date
November 12, 2000
Publisher Statement
Submitted to fulfill requirements for SANS GIAC GSEC Gold and originally published in SANS Reading Room.
Citation Information
J. Christian Smith. "Covert Shells". SANS GIAC Reading Room (2000). Available at: