The final step is maintaining access by establishing other entry points into the
target and, if possible, covering evidence of the penetration. It is possible
that penetration efforts will trigger defenses that eventually close the path
the Penetration Tester used to gain access to the network. Best practice is to
establish other means of accessing the target as insurance against the primary
path being closed. Alternative access methods could be backdoors, new
administration accounts, encrypted tunnels, and new network access channels.

The other important aspect of maintaining a foothold in a target is removing
evidence of the penetration. This makes the attack harder to detect, thus
reducing the reaction by security defenses. Removing evidence includes erasing
user logs, masking existing access channels, and removing traces of tampering
such as error messages caused by penetration efforts.

Kali Linux includes a catalog titled Maintaining Access, focused on keeping a
foothold within a target. Its tools are used for establishing various forms of
backdoors into a target.

The following is a list of goals for maintaining a foothold:
- Establish multiple access methods to target network
- Remove evidence of authorized access
- Repair systems impacted by exploitation
- Inject false data if needed
- Hide communication methods through encryption and other means
- Document findings
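
Two of the techniques described above, new administration accounts and erased logs, leave traces a defender can check for in a Linux authentication log. The following Python is an added example, not part of the original post: the log lines are constructed, and the admin group names, the two-hour quiet threshold and the `review` function name are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in Debian-style auth.log format (not from the original page).
SAMPLE_LOG = """\
Mar  3 10:15:01 web01 sshd[2210]: Accepted password for deploy from 192.0.2.10 port 50122 ssh2
Mar  3 10:16:40 web01 useradd[2251]: new user: name=svc_backup, UID=1001, GID=1001, home=/home/svc_backup, shell=/bin/bash
Mar  3 10:16:52 web01 usermod[2260]: add 'svc_backup' to group 'sudo'
Mar  3 10:17:05 web01 sshd[2291]: Accepted publickey for svc_backup from 192.0.2.10 port 50140 ssh2
Mar  3 14:42:19 web01 sshd[3120]: Accepted password for deploy from 192.0.2.10 port 50388 ssh2
"""

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ (\w+)\[\d+\]: (.*)$")
NEW_USER = re.compile(r"new user: name=([^,]+),")
ADD_GROUP = re.compile(r"add '([^']+)' to group '([^']+)'")
ADMIN_GROUPS = {"sudo", "wheel", "adm", "root"}  # assumption: local admin groups
MAX_QUIET = timedelta(hours=2)                    # assumption: tune per host


def review(log_text, year=2024):
    """Return (kind, detail) findings for account changes and silent periods."""
    findings, prev = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        # Classic syslog timestamps carry no year, so the caller supplies one.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        prog, msg = m.group(2), m.group(3)
        # A long silence or a clock running backwards can mean removed entries.
        if prev and (ts - prev > MAX_QUIET or ts < prev):
            findings.append(("log_gap", f"{prev:%H:%M:%S} -> {ts:%H:%M:%S}"))
        prev = ts
        if prog == "useradd" and (u := NEW_USER.search(msg)):
            findings.append(("new_account", u.group(1)))
        elif prog == "usermod" and (g := ADD_GROUP.search(msg)):
            if g.group(2) in ADMIN_GROUPS:
                findings.append(("admin_group_add", f"{g.group(1)} -> {g.group(2)}"))
    return findings


if __name__ == "__main__":
    for kind, detail in review(SAMPLE_LOG):
        print(f"{kind:16} {detail}")
```

A quiet period alone is only a lead to investigate; forwarding logs to a separate host gives a copy that can be compared against the local file.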