In the Reconnaissance and Enumeration reading, we talked about some of the processes that happen at the beginning of the hacking process. The following concepts that will be talked about in this article will refer to the concepts that are applied during an attack.

Privilege Escalation:

Also talked about in Course 6, privilege escalation refers to, literally, elevating the privileges that you have. In hacking, privilege escalation is used to dig further and further into systems. Once privileges are escalated, they can be used to access new parts of the system.

Lateral Movement:

Lateral movement is the process of expanding access to a system to more parts of the system. An example of this could be using the credentials of a normal employee to gain access to one part of the system. From there, other attacks and privilege escalation could be used to find more credentials to admin accounts, which unlocks much more of the system.

Pivoting:

Pivoting, also known as island hopping, is the process of “hopping” through many different targets to ultimately attack the main target. For instance, an attacker may go through the systems of third-party suppliers of the target in order to gain information about them.

Persistence:

Persistence does not refer to attacking something over and over again, but it refers to maintaining a continuous connection to the system. Backdoors (Course 7) are examples of attacks that provide continuous, persistent connections to a target. An Advanced Persistent Threat (APT), is also a good example of using persistence in an attack, since an APT is a type of threat actor that can remain in a system undetected for long periods of time.