Chapter 4. Exploit

The goal of passive and active reconnaissance is to identify the exploitable security flaws that are most likely to support the tester's or attacker's objective (denial of service, theft, or modification of data). The exploit phase of the kill chain focuses on creating the access to achieve the objective—either stopping the access to a target by creating a denial of service or the more common approach of establishing persistent access to the target from the attacker.

The penetration tester must be concerned with the following aspects of the exploit phase:

  • Was the target fully characterized? If the attacker does not understand the network and host architecture of the target, the attack will fail and there will be an increased risk of detection.
  • Is the exploit well known, with defined actions on the target system? An uncharacterized exploit could have unintended consequences when employed and the resulting damage could have a negative impact on the...