# Staging/Stagers

Stagers are used to: keep payload smalls, appear non malicious, and avoid detection. This will keep things nice and simple and will reduce the complexity of our payloads. Here are a list of stages, and their purpose:

**STAGE 0**

* Also known as Droppers and Loaders
* Burnable and ready to adapt to new methods
* Used for Initial payload delivery
* Detecting defenses such as security products and application whitelisting
* Used for bypassing such defenses like application whitelisting and amsi
* facilitate transfer into the other stages

**STAGE 1**

* This is used for persistence and such
* Used for situational awareness and information gathering
* Will be the long term beacon
* Will usually have robust communication, and will be very stable

**STAGE 2**

* This is where the fun starts
* Privilege escalation
* lateral movement
* Network enumeration
* AD attacks and credential access

**STAGE 3**

* The exfiltration phase
* Find and extract sensitive data
* encrypt traffic, uses traffic tunneling


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://kwcsec.gitbook.io/the-red-team-handbook/techniques/initial-access/staging-stagers.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.