In the modern world of hacking and system attacks, attackers are not as concerned with exploitation as they are with what can be done with that access. This is the part of the kill chain where the attacker achieves the full value of the attack.
Once a system has been compromised, the attacker generally performs the following activities:
- Conducts a rapid assessment to characterize the local environment (infrastructure, connectivity, accounts, presence of target files, and applications that can facilitate further attacks)
- Locates and copies or modifies target files of interest, such as datafiles (proprietary data and financial information)
- Creates additional accounts and modifies the system to support post-exploitation activities
- Attempts to vertically escalate the privilege level used for access by capturing administrator or system-level credentials
- Attempts to attack other data systems (horizontal escalation) by pivoting the attack...