The attacker gathers data about the target: such as browsing websites, pulling down PDF’s and learning the internal IT structure of the target organization
Delivery: the payload is delivered to its target, whether it is an HTTP request containing SQL injection code or an email with a compromised method of attack Exploitation: this is the key phase of the attack, possibly using elements of a software, hardware or human vulnerability, or social engineering Installation: installation of a remote access Trojan or backdoor on the victim system
Allows an attacker to maintain persistence inside the environment
Once the attacker has exploited a host system, they beacon back out to a controlling system, typically via the internet to provide hands-on-keyboard access inside the targeted environment.
This is when the data, which has been the ultimate target all along, is collected, encrypted and extracted