From ce30452f6234fd10801cd44edc9751148653cfa9 Mon Sep 17 00:00:00 2001 From: "Ilya V. Matveychikov" Date: Mon, 2 Jul 2018 20:32:29 +0400 Subject: [PATCH] Update reptile.md --- details/reptile.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/details/reptile.md b/details/reptile.md index 2315232..d253486 100644 --- a/details/reptile.md +++ b/details/reptile.md @@ -32,6 +32,7 @@ Implemented via `kill(2)` by hooking `sys_call_table[__NR_kill]` entry. Supporte Hooking of system calls by patching syscall-handlers in `sys_call_table[]`: - to write to read-only page `CR0/WP` technique used (x86-only) + - netfilter hook (`NF_IP_PRI_FIRST`) ## Hiding (tampering) of file contents @@ -51,3 +52,10 @@ Filtering PID-like numeric entries while listing `/proc`: - hidden tasks are marked using `task->flags` (bit `0x10000000`) :exclamation: Not able to hide all threads and children of hidden (parent) process. + +# Backdoor/shell + +Reverse shell spawning by port-knocking-like technique: + - `ICMP/UDP/TCP` port-knocking + - spawning root-shell connection to remote host +
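Review bot: the new `- netfilter hook (`NF_IP_PRI_FIRST`)` bullet in the first hunk is filed under "Hooking of system calls by patching syscall-handlers in `sys_call_table[]`", but a netfilter hook lives in the packet path and is not a way of writing to the syscall table, so the list now mixes two unrelated mechanisms. Give it its own heading, or move it beside the `ICMP/UDP/TCP` port-knocking bullets in the new `Backdoor/shell` section if that is what the hook serves, and add a few words on what it is used for; the bare priority constant on its own does not tell the reader what is hooked or why.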
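Review bot: the `# Backdoor/shell` heading in the second hunk is a level-1 heading while the neighbouring sections of `details/reptile.md` are level 2 (see the context line `## Hiding (tampering) of file contents` in the first hunk), so the new section will render as a new top-level chapter instead of a sibling section; change it to `## Backdoor/shell`. The hunk also appends a trailing empty line at end of file (the final lone `+`), which should be dropped. The bullets themselves are thin compared with the other sections, which each name the hooked entry point and flag limitations with `:exclamation:`; stating which of the listed protocols carries the knock and naming the mechanism that observes it would bring this section in line with the rest of the document.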