Skip to content

Deepening Control

Deepening Control consists of techniques adversaries use to strengthen and maintain their foothold after execution by elevating privileges, ensuring persistence, evading detection, and establishing robust command‑and‑control channels. Within cloud and application environments this can include abusing misconfigured API roles, implanting webshell endpoints, disabling runtime protection services, and using application protocols for covert C2. These techniques solidify access and complicate incident response.

Privilege Escalation

Privilege Escalation is a critical phase in many cyber attacks, where adversaries seek to elevate their access rights from a standard user to those of an administrator or system-level account. Attackers exploit various vulnerabilities, misconfigurations, or design flaws to gain higher privileges, enabling them to access sensitive data, install malware, or pivot to other systems within the network. Common techniques include exploiting unpatched software vulnerabilities, leveraging weak file permissions, manipulating access tokens, or using stolen credentials. Successful privilege escalation can lead to full system compromise, data exfiltration, and the ability to maintain long-term persistence within the targeted environment.

Persistence

Persistence is a sophisticated tactic employed by threat actors to maintain prolonged, unauthorized access to compromised systems or networks. This technique involves establishing multiple, redundant access methods designed to survive system reboots, credential changes, and other defensive measures. Adversaries typically achieve persistence through a variety of methods, including but not limited to: creating backdoor accounts, modifying startup scripts, installing malicious services, manipulating legitimate system features like scheduled tasks or browser extensions, and exploiting vulnerabilities in trusted applications. By implementing robust persistence mechanisms, attackers can conduct long-term espionage operations, exfiltrate sensitive data over extended periods, or maintain a stable launching point for further lateral movement and privilege escalation within the target environment.

Defense Evasion

Defense Evasion encompasses sophisticated techniques employed by threat actors to circumvent detection mechanisms and maintain persistence within compromised systems. Attackers leverage a wide array of methods, including masquerading as legitimate processes, tampering with logging and monitoring systems, and employing obfuscation techniques to conceal malicious code. Advanced evasion tactics may involve exploiting trusted processes, utilizing fileless malware, or manipulating access tokens to blend in with normal system activities. By constantly evolving their evasion strategies, adversaries aim to prolong their presence in the target environment and hinder incident response efforts.

Command and Control

T.B.D