Post-Exploitation
What to do after you land a shell: AV / UAC bypass, credential gathering, password cracking, port forwarding, file transfer, and AppLocker / ATA evasion.
Contents
- Advanced Threat Analytics (ATA) is an on-premises platform that helps protect your enterprise from multiple types of advanced targeted cyber attacks and insider threats.
- Antivirus or AV is a kind of software used to prevent, scan, detect and delete malware from a computer. During our assessments, a lot of tools such as meterpreter, mimikatz, etc. are flagged as malware.
- AppLocker is a Windows Defender functionality which helps you control which apps and files users can run. These include executable files, scripts, Windows Installer files, dynamic-link libraries (DLLs), packaged apps,…
- User Account Control (UAC) is an access control system that forces applications and tasks to run in the context of a non-administrative account until an administrator authorizes elevated access.
- After compromising a target, it is important to collect as many credentials as possible to spray them on the network.
- Cryptography is a method of protecting information and communications through the use of codes, so that only those for whom the information is intended can read and process it.
- In computer networking, port forwarding or port mapping is an application of network address translation that redirects a communication request from one address and port number combination to another.
- To gain control over a compromised system, an attacker usually aims to gain interactive shell access for RCE. A reverse shell is a connect-back connection, meaning that the victim connects to the attacker.
- In this section I’m going to enumerate different methods to transfer files such as exploits or outputs of some scripts from our attacker machine to the target and vice versa.