Maintaining access

Once the target system has been compromised, the penetration tester would attempt to create multiple instances of backdoor access in the event that they are no longer able to access the system via the exploit. Some penetration testers use this opportunity to implant Remote Access Trojans (RATs) or create a botnet to control the compromised systems.

The phase has the following objectives:

• Create and maintain remote access
• Hide files
• Steal data