ABSTRACT

From a chess perspective, “Consolidating Gains” addresses the types of tactical moves that chess players might make once they have successfully penetrated their opponent’s defenses. Previous chapters in this text have addressed hacking strategy and hacking exploits prior to (or concurrent with) system or network penetration.¹ This chapter focuses on the tactics and tools employed by attackers to consolidate their position on a system or network — essentially, the measures that attackers undertake to ensure consistent, covert access to a resource or to extend their privileges as they relate to that resource. This is an important chapter; it ties into the forensics material presented in the next chapter (because it addresses forensics evasion) and makes some key points about the value of effective system hardening in constraining hacking activity. It also demonstrates how acutely aware the hacking community is of common system administration practices, standard system builds, default application configurations, and network management facilities. The intent of this chapter is to inform the way in which system and network administrators approach the management of these resources from a “counter-tactics” perspective.