"A real objective is always tactical, precise, tangible, and concrete."
If exploiting a system is the definition of what a penetration test is, it is the action on the objective after the exploitation that gives the test its real purpose. This step demonstrates the severity of the exploit, and the impact that it could have on the organization. This chapter will focus on the immediate post-exploit activities, as well as the aspect of horizontal escalation – the process of using an exploited system as a starting point to jump off to other systems on the network.
By the end of this chapter, you will have learned about the following:
- Local privilege escalation
- Post-exploitation tools
- Lateral movement within the target networks
- Compromising domain trusts
- Pivoting and port forwarding