After successfully exploiting a system, what is the primary goal of post-exploitation activities?
Think about what an attacker wants to do after gaining control of a system.
Post-exploitation focuses on maintaining control and collecting valuable data from the compromised system, not on unrelated tasks like scanning the internet or installing antivirus.
Which of the following best describes the concept of pivoting in a cyberattack?
Pivoting involves moving from one system to another inside a network.
Pivoting means using a compromised machine as a stepping stone to reach other machines in the network that are not directly accessible.
An attacker has gained access to a server inside a corporate network. They want to move laterally to a database server that is not accessible from outside. Which method would best allow this pivot?
Think about how attackers use compromised machines to reach internal resources.
Setting up a SOCKS proxy on the compromised server allows the attacker to route their traffic through it, effectively pivoting into the internal network to reach the database server.
Which of the following statements correctly compares VPN pivoting and port forwarding pivoting?
Consider the scope of access each method provides.
VPN pivoting establishes a full network tunnel, allowing access to all network resources, whereas port forwarding only redirects traffic for specific ports.
An attacker sets up SSH local port forwarding from their machine to a remote internal web server through a compromised jump host. What is the expected result of this setup?
Think about what local port forwarding does in SSH.
SSH local port forwarding forwards a port on the attacker's local machine to a port on the remote internal server via the jump host, allowing access through the local port.