# Staging/Stagers

Stagers are used to: keep payload smalls, appear non malicious, and avoid detection. This will keep things nice and simple and will reduce the complexity of our payloads. Here are a list of stages, and their purpose:

**STAGE 0**

* Also known as Droppers and Loaders
* Burnable and ready to adapt to new methods
* Used for Initial payload delivery
* Detecting defenses such as security products and application whitelisting
* Used for bypassing such defenses like application whitelisting and amsi
* facilitate transfer into the other stages

**STAGE 1**

* This is used for persistence and such
* Used for situational awareness and information gathering
* Will be the long term beacon
* Will usually have robust communication, and will be very stable

**STAGE 2**

* This is where the fun starts
* Privilege escalation
* lateral movement
* Network enumeration
* AD attacks and credential access

**STAGE 3**

* The exfiltration phase
* Find and extract sensitive data
* encrypt traffic, uses traffic tunneling