Post-Exploitation

Credential dumping is a post-exploitation technique used to extract authentication material from compromised systems. This SECMONS record explains how credential dumping works, its role in enterprise intrusions, and defensive detection strategies.

A Backdoor is a hidden access mechanism that allows attackers to bypass standard authentication and security controls. This SECMONS glossary entry explains how backdoors are installed, how they differ from web shells, and why they are critical in post-compromise persistence.

Command and Control (C2) refers to the infrastructure and communication mechanisms attackers use to remotely manage compromised systems. This SECMONS glossary entry explains how C2 works, common techniques, and how defenders detect and disrupt malicious control channels.

Data Exfiltration is the stage of an intrusion where attackers extract sensitive information from a compromised environment. This SECMONS glossary entry explains how data exfiltration works, common techniques, operational impact, and defensive detection strategies.

Defense Evasion refers to the techniques attackers use to avoid detection, bypass security controls, and remain undetected within a compromised environment. This SECMONS glossary entry explains how defense evasion works, common techniques, and how defenders can detect and counter them.

Lateral Movement is a post-compromise attack technique where an adversary moves from one compromised system to others within the same network. This SECMONS glossary entry explains how lateral movement works, why it is operationally critical, and how defenders should detect and contain it.

Persistence is the stage of an intrusion where attackers establish mechanisms to maintain access to a compromised system or environment over time. This SECMONS glossary entry explains how persistence works, common techniques used by threat actors, and how defenders can detect and remove persistent footholds.

Privilege Escalation is an attack technique where a user or process gains higher permissions than originally granted. This SECMONS glossary entry explains vertical and horizontal privilege escalation, common exploitation paths, and defensive mitigation strategies.

A Web Shell is a malicious script deployed on a web server that allows attackers to execute commands remotely. This SECMONS glossary entry explains how web shells are deployed, why they are difficult to detect, and how defenders can identify and remove them.