CyberGlossary

Malware

Backdoor

Also known as: Trapdoor, Hidden access

Definition

A covert mechanism that bypasses normal authentication or access controls to give an attacker future entry to a system.

A backdoor provides hidden, persistent access to a compromised host, network device or application — typically bypassing logging, authentication and policy controls. It may be planted by an external attacker (web shell, malicious service, scheduled task), pre-installed by an insider, hidden in a software supply chain, or shipped by a vendor as an undocumented account. Backdoors enable command execution, data exfiltration and re-entry after eviction. Detection requires correlation of endpoint and network telemetry, code-signing checks, configuration auditing, threat hunting, and supply-chain attestation. Mitigation includes least privilege, regular credential and key rotation, anomaly detection and immutable audit logging.

Examples

  • SUNBURST in the SolarWinds Orion supply-chain attack (2020).
  • Web shells like China Chopper deployed on compromised Exchange servers.

Related terms