Data gathering, network analysis, and pillaging

Once a system has been compromised, it is advisable to fully enumerate the device. Any valuable clues or information need to be located and properly managed in a quick and efficient manner. During this phase, the focus should be on gathering credentials and fully enumerating installed services, network configurations, and access history. It may also be beneficial to determine what type of network or environment the system is running in. Is the network segmented, are there multiple IPs associated with the device, or is it actually virtualized, such as our test network?

Tip

Creating a list of commands and procedures used when reviewing a compromised system will increase the efficiency and effectiveness ...

Get Advanced Penetration Testing for Highly-Secured Environments - Second Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.