Post-Exploitation

After gaining initial access, assess the true impact by exploring what an attacker could achieve: data access, privilege escalation, lateral movement, and persistence.

🎯 Why Post-Exploitation Matters

True Impact Assessment: Initial access is just the beginning - post-exploitation reveals actual business risk
Comprehensive Testing: Clients need to understand full attack chain, not just entry points
Defense Validation: Tests monitoring, detection, and incident response capabilities
Risk Prioritization: Helps stakeholders understand which vulnerabilities are most critical

⚠️ Critical: Always stay within scope. Document everything. Never access real customer data or make permanent changes without explicit authorization.

📚 Post-Exploitation Guides

Explore in-depth guides for each post-exploitation technique. Each guide includes tools, techniques, and practical exercises for mastering the skill.

Post-Exploitation Workflow

```mermaid
flowchart TD
    A[Initial Access] --> B[Assess Access Level]
    B --> C[Data Enumeration]
    B --> D[Privilege Escalation]
    B --> E[Lateral Movement]
    C --> F[Sensitive Data]
    D --> G[Higher Privileges]
    E --> H[Additional Systems]
    F --> I[Impact Assessment]
    G --> I
    H --> I
    %% Styling for high contrast in both light/dark modes
    style A fill:#00ff00,stroke:#00ff00,color:#000000,stroke-width:2px
    style I fill:#ff0000,stroke:#ff0000,color:#ffffff,stroke-width:2px
```

🛠️ Essential Post-Exploitation Tools

jwt_tool
  JWT analysis & manipulation
  Install: pip install jwt-tool

BeEF
  Browser exploitation framework
  Install: git clone beef.git

hashcat
  GPU-accelerated password cracker
  Install: brew install hashcat

Autorize
  Burp authorization testing
  Install: Burp BApp Store

Stay Within Scope

Post-exploitation should demonstrate impact without causing harm. Avoid accessing actual customer PII, deleting data, or making permanent changes. Document everything.

✅ Quick Checklist

Ensure you've covered all post-exploitation categories:

Session Attacks
  • ☐ Cookie theft tested
  • ☐ JWT manipulation
  • ☐ Session fixation
  • ☐ OAuth/OIDC tested
Privilege Escalation
  • ☐ Vertical escalation
  • ☐ Horizontal escalation
  • ☐ IDOR testing
  • ☐ Role manipulation
Lateral Movement
  • ☐ SSRF pivoting
  • ☐ Cloud metadata
  • ☐ Database pivoting
  • ☐ Internal API discovery
Cleanup
  • ☐ Test accounts removed
  • ☐ Uploads deleted
  • ☐ Evidence documented
  • ☐ Client notified

Next Steps

With comprehensive evidence of impact, proceed to Reporting to document your findings and provide actionable remediation guidance to the client.