Any attack will have a number of stages and it is important that an administrator both knows and understands these states in order to be able to;
- mitigate attacks before they cause damage,
- log an evidence trail for possible prosecution use
- defend against possible attacks against the organization.
An understanding of how an attacker thinks is essential to this process.
The attack process follows the standard pattern.
Phase 1 - Recon or Information Collection
This stage consists of several parts.
In this phase we see:
- Pivot systems for more attacks
- Extend Access (e.g. using a Trojan
- Privilege escalation
- DoS / DDoS attacks
To be continued soon…