Staging/Stagers

Stagers are used to keep payloads small, appear non-malicious, and avoid detection. This keeps things simple and reduces the complexity of our payloads. Here is a list of the stages and their purpose:

STAGE 0

  • Also known as droppers and loaders

  • Burnable (disposable) and ready to adapt to new methods

  • Used for initial payload delivery

  • Detecting defenses such as security products and application whitelisting

  • Used for bypassing such defenses, like application whitelisting and AMSI

  • Facilitate the transition into the later stages

STAGE 1

  • Used for persistence

  • Used for situational awareness and information gathering

  • Will be the long-term beacon

  • Will usually have robust communications and be very stable

STAGE 2

  • This is where the fun starts

  • Privilege escalation

  • Lateral movement

  • Network enumeration

  • Active Directory (AD) attacks and credential access

STAGE 3

  • The exfiltration phase

  • Find and extract sensitive data

  • Encrypts traffic and uses traffic tunneling
