Staging/Stagers
Stagers are used to keep payloads small, appear non-malicious, and avoid detection. This keeps things simple and reduces the complexity of our payloads. Here is a list of the stages and their purpose:
STAGE 0
- Also known as droppers and loaders
- Burnable and ready to adapt to new methods
- Used for initial payload delivery
- Detects defenses such as security products and application whitelisting
- Used for bypassing such defenses as application whitelisting and AMSI
- Facilitates transfer into the other stages
STAGE 1
- Used for persistence
- Used for situational awareness and information gathering
- Will be the long-term beacon
- Will usually have robust communication and will be very stable
STAGE 2
- This is where the fun starts
- Privilege escalation
- Lateral movement
- Network enumeration
- AD attacks and credential access
STAGE 3
- The exfiltration phase
- Find and extract sensitive data
- Encrypts traffic and uses traffic tunneling