Performing Post—Exploitation Techniques
摘要
In a penetration testing engagement, subsequent to exploiting a vulnerability and compromising a system, one may conduct further activities to maneuver laterally and pivot through additional processes, applications, or systems to illustrate potential compromises and methods of information exfiltration from the organization. Persistence can be achieved via establishing backdoors, generating new user accounts, scheduling tasks, and interfacing with a command and control (C2) system to execute additional attacks. Upon concluding your engagement, you must eliminate all traces of your presence in a compromised system by purging logs and any other data that could facilitate discovery. This chapter will instruct you on executing lateral movement, ensuring persistence, and concealing your activities following a penetration testing engagement.