#### [[Blocking shells]] --- To block almost all future possible shells resulting from exploit, one can change the outgoing firewall on the system. Especially on a server. Still allow core networking and maybe a few executables, but for the most part disallowing all outgoing will prevent future CLI access. There are ways to find an open port as part of the exploit though, but this is very rare because they tend to be ephemeral. This is basically known as micro-segmentation. A visualization tool for this is Illumio. In addition, harden the box by removing extraneous services and application whitelisting. This is still vuln to bind shells, but will stop most reverse shells. --- Tags: Reference: Related: