Post-Exploitation
Post-exploitation activities occur after gaining initial access to a system.
Objectives
- Maintain access
- Escalate privileges
- Gather sensitive data
- Pivot to other systems
- Cover tracks
Categories
- Persistence - Maintaining access
- Data Exfiltration - Extracting data
Rules of Engagement
Always follow the scope and rules of engagement. Do not perform post-exploitation activities outside your authorization. Recheck customer scope.