Staging/Stagers
Stagers are used to keep payloads small, appear non-malicious, and avoid detection. This keeps things nice and simple and reduces the complexity of our payloads. Here is a list of the stages and their purpose:
STAGE 0
  • Also known as droppers and loaders
  • Burnable and ready to adapt to new methods
  • Used for initial payload delivery
  • Detects defenses such as security products and application whitelisting
  • Used for bypassing such defenses as application whitelisting and AMSI
  • Facilitates the transfer into the other stages
STAGE 1
  • Used for persistence
  • Used for situational awareness and information gathering
  • Will be the long term beacon
  • Will usually have robust communication, and will be very stable
STAGE 2
  • This is where the fun starts
  • Privilege escalation
  • Lateral movement
  • Network enumeration
  • AD attacks and credential access
STAGE 3
  • The exfiltration phase
  • Find and extract sensitive data
  • Encrypts traffic and uses traffic tunneling