Problem
Following successful exploitation of a target, we need a way to maintain access so that we do not have to re-exploit the target each time we need to reach it. How we maintain that access is dictated by the customer's defensive measures. With that in mind, consider the following scenarios and how you would approach maintaining access in the face of each type of obstacle.
• Option I: Firewall Detection
Let's assume one obstacle is a firewall. The firewall may exist on the target hosts themselves, or at the entry/exit point of the network you are attempting to penetrate. How should you approach establishing a communication channel with an attack machine external to the network? In your response, consider the direction of the traffic, inbound or outbound: should you connect into the network, or have an internal device connect out to you?
• Option II: Antivirus Detection
Assume a different obstacle is antivirus installed on the target system. Ideally you would install a persistent agent on the target in order to maintain access, but antivirus is likely to flag such code as suspicious. How should the malware be compiled? What are some methods of delivery?
• Option III: IDS/IPS Detection
The last obstacle might be an IDS or an IPS on the target network. How will these security measures affect your efforts to maintain access? These systems may be host-based and/or network-based. Does that distinction change your response at all?
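The inbound-versus-outbound question in Option I can be made concrete with a small model of a stateful perimeter firewall. This is an added example, not part of the original problem statement or of any course material it comes from; the policy, the 10.0.0.0/8 internal range, the target address 10.0.5.20 and the attacker address 203.0.113.5 (RFC 5737 documentation space) are all constructed for illustration, and `StatefulFirewall`, `Rule` and `compare_access_channels` are hypothetical names.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed for this example: the protected network and a default-deny
# perimeter policy that only permits outbound web traffic (TCP 80/443).
INTERNAL_NET = ip_network("10.0.0.0/8")


@dataclass(frozen=True)
class Rule:
    direction: str        # "in" = into the protected network, "out" = leaving it
    src: str              # source CIDR
    dst: str              # destination CIDR
    dport: Optional[int]  # destination port, None matches any port
    action: str           # "allow" or "deny"


POLICY = [
    Rule("out", "10.0.0.0/8", "0.0.0.0/0", 80, "allow"),
    Rule("out", "10.0.0.0/8", "0.0.0.0/0", 443, "allow"),
    Rule("out", "10.0.0.0/8", "0.0.0.0/0", None, "deny"),   # egress filtering
    Rule("in", "0.0.0.0/0", "10.0.0.0/8", None, "deny"),    # no unsolicited inbound
]


class StatefulFirewall:
    """Minimal stateful packet filter: first matching rule wins, implicit deny,
    and reply traffic for an already-allowed session passes without a rule."""

    def __init__(self, policy):
        self.policy = policy
        self.sessions = set()  # (src, sport, dst, dport) of allowed connections

    @staticmethod
    def direction(src: str) -> str:
        return "out" if ip_address(src) in INTERNAL_NET else "in"

    def evaluate(self, src: str, sport: int, dst: str, dport: int) -> str:
        # Reply packets of an established session are allowed regardless of rules.
        if (dst, dport, src, sport) in self.sessions:
            return "allow (established)"
        d = self.direction(src)
        for rule in self.policy:
            if (rule.direction == d
                    and ip_address(src) in ip_network(rule.src)
                    and ip_address(dst) in ip_network(rule.dst)
                    and (rule.dport is None or rule.dport == dport)):
                if rule.action == "allow":
                    self.sessions.add((src, sport, dst, dport))
                return rule.action
        return "deny"  # implicit default deny


def compare_access_channels() -> dict:
    """Run three candidate maintain-access channels through the policy."""
    fw = StatefulFirewall(POLICY)
    target = "10.0.5.20"      # compromised internal host (constructed)
    attacker = "203.0.113.5"  # external attack machine (constructed, RFC 5737)
    results = {}
    # 1. Inbound: the attacker connects to a listener opened on the target.
    results["bind_listener_4444"] = fw.evaluate(attacker, 40000, target, 4444)
    # 2. Outbound on a non-web port: the target calls back to attacker:4444.
    results["callback_4444"] = fw.evaluate(target, 51000, attacker, 4444)
    # 3. Outbound on a permitted egress port: the target calls back to
    #    attacker:443, and the attacker's replies ride the established session.
    results["callback_443"] = fw.evaluate(target, 51001, attacker, 443)
    results["callback_443_reply"] = fw.evaluate(attacker, 443, target, 51001)
    return results


if __name__ == "__main__":
    for channel, verdict in compare_access_channels().items():
        print(f"{channel:20s} {verdict}")
```

The model shows the two things the question is probing: an unsolicited inbound connection to a listener on the target never gets through a default-deny perimeter, so the channel has to be initiated from inside; and even then the callback only survives if its destination port (and, on a real firewall, its protocol) matches what egress filtering already permits. Real firewalls also inspect application-layer content, which is where the IDS/IPS considerations of Option III come in.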