In a penetration testing engagement, subsequent to exploiting a vulnerability and compromising a system, one may conduct further activities to maneuver laterally and pivot through additional processes, applications, or systems to illustrate potential compromises and methods of information exfiltration from the organization. Persistence can be achieved via establishing backdoors, generating new user accounts, scheduling tasks, and interfacing with a command and control (C2) system to execute additional attacks. Upon concluding your engagement, you must eliminate all traces of your presence in a compromised system by purging logs and any other data that could facilitate discovery. This chapter will instruct you on executing lateral movement, ensuring persistence, and concealing your activities following a penetration testing engagement.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Performing Post—Exploitation Techniques

  • Rajkumar Banoth,
  • Aruna Kranthi Godishala

摘要

In a penetration testing engagement, subsequent to exploiting a vulnerability and compromising a system, one may conduct further activities to maneuver laterally and pivot through additional processes, applications, or systems to illustrate potential compromises and methods of information exfiltration from the organization. Persistence can be achieved via establishing backdoors, generating new user accounts, scheduling tasks, and interfacing with a command and control (C2) system to execute additional attacks. Upon concluding your engagement, you must eliminate all traces of your presence in a compromised system by purging logs and any other data that could facilitate discovery. This chapter will instruct you on executing lateral movement, ensuring persistence, and concealing your activities following a penetration testing engagement.