• The Post-Exploitation stage aims to obtain sensitive and security-relevant information from a local perspective and business-relevant information that, in most cases, requires higher privileges than a standard user.

This stage includes the following components:

Evasive Testing

• If a skilled administrator monitors the systems, any change or even a single command could trigger an alarm that will give us away. In many cases, we get kicked out of the network, and then threat hunting begins where we are the focus. We may also lose access to a host (that gets quarantined) or a user account (that gets temporarily disabled or the password changed). This penetration test would have failed but succeeded in some ways because the client could detect some actions.
• Our goal should be to go mostly undetected so we can identify any "blind spots" our clients have in their network environments.

Evasive testing is divided into three different categories:

Information Gathering

• Since we have gained a new perspective on the system and the network of our target system in the Exploitation stage, we are basically in a new environment. This means we first have to reacquaint ourselves with what we are working with and what options are available

Pillaging

Pillaging is the stage where we examine the role of the host in the corporate network. We analyze the network configurations, including but not limited to:

Persistence

• Once we have an overview of the system, our immediate next step is maintaining access to the exploited host.This way, if the connection is interrupted, we can still access it. This step is essential and often used as the first step before the Information Gathering and Pillaging stages.
• It is recommended that we work flexibly during this phase and adapt to the circumstances.