Ayo Secu

CollectionIn the collection phase, attackers gather data of interest from within the compromised environment. This phase is focused on harvesting valuable information such as databases, credentials, sensitive files, and communications. Common methods of collection include database dumps, capturing audio, video, or screen activity, and accessing internal documentation, network shared drives, and ..

Lateral MovementIn the lateral movement phase, attackers leverage their initial foothold to move within the network, accessing additional systems and resources. This phase enables them to spread throughout the environment, often with the goal of reaching high-value assets, escalating privileges, or maintaining persistent access. Common lateral movement techniques include remote access protocols ..

DiscoveryIn the discovery phase of an attack, attackers gather information about the compromised environment to understand its layout, identify high-value assets, and locate other systems they may wish to target. Discovery is essential for planning lateral movement and for gaining the context needed to elevate privileges or execute further attacks. Common discovery tactics include network scanni..

Credential AccessIn the credential access phase of an attack, attackers attempt to steal or obtain credentials (such as usernames, passwords, tokens, and other authentication secrets) that provide access to systems, services, and sensitive information. Access to credentials enables attackers to move laterally within a network, escalate privileges, and maintain persistence. Here’s a breakdown of ..

Defense EvasionIn the defense evasion phase, attackers use techniques to avoid detection, hide their presence, and maintain control over a compromised system. These tactics allow them to bypass security mechanisms, avoid forensic analysis, and prolong their access within the target environment. Key methods of defense evasion include disabling detection software, reverting VM/cloud instances, and..

Privilege EscalationIn the privilege escalation phase, attackers elevate their permissions within a compromised system, gaining higher-level access that allows them to control more resources and execute more damaging actions. Privilege escalation (often shortened to PrivEsc) is essential for attackers to bypass access restrictions, reach sensitive data, or maintain control over a network. Some p..

PersistenceIn the persistence phase of an attack, attackers establish methods to maintain access to a compromised system, even after reboots, log-offs, or security measures. Persistence techniques ensure that attackers can resume control without needing to re-exploit vulnerabilities, helping them stay in the system for extended periods. Here are some common persistence methods, including creatin..

ExecutionIn the execution phase of an attack, the attacker runs malicious code on a system to achieve their objectives, which may include establishing persistence, gaining privileges, or preparing for lateral movement. Execution techniques range from using various shells and interpreters to leveraging scheduled tasks or system management tools like WMI on Windows systems.1. Shells & Interpreters..