Chapter 9: Investigating Post-Exploitation Techniques

Initial access is just the first small step from the threat actor's perspective. Back in the day, we saw a lot of attacks focusing on immediate encryption of the initially compromised host, but now many ransomware affiliates focus on post-exploitation activities, which may include privilege escalation, credential access, reconnaissance, and others, so they can obtain control of the whole network, exfiltrate the most sensitive data, and encrypt as many hosts as possible. Also, as many threat actors focus on data exfiltration, usually they want to stay in the network as long as possible to be able to get the most sensitive data. For the same reason, they may want to deploy additional backdoors ...

Get Incident Response Techniques for Ransomware Attacks now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Incident Response Techniques for Ransomware Attacks by Oleg Skulkin

Chapter 9: Investigating Post-Exploitation Techniques

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly