CHAPTER 14. Covering Your Tracks
Ночь все покрывает. – Russian proverb: “Night conceals everything.”
To exploit a system completely, we need to be stealthy and avoid detection. At this stage in the game, we have successfully avoided detection by network defensive appliances, such as firewalls and intrusion detection systems. Our next challenge is to avoid detection while on the exploited system.
System administrators identify malicious activity with techniques similar to those used by network defenses. A system administrator can examine log files, install applications that watch for malicious software, and set up monitors that look for unauthorized data streams. Administrators can also look at processes ...