After this lesson, you will be able to: Understand post-exploitation, privilege escalation, and how to write a pen test report.
Initial access is the start, not the end. Post-ex is privilege escalation, lateral movement, persistence, and pivoting. The deliverable that pays the bills is the report.
Linux: `sudo -l`, SUID binaries (`find / -perm -4000`), kernel exploits, cronjobs running as root. Windows: SeImpersonate (PrintSpoofer, Juicy Potato), unquoted service paths, AlwaysInstallElevated.
1. Executive summary, 1 page, business-language risk.
2. Methodology, what you did, scope, tools, dates.
3. Findings, each with severity (CVSS), description, impact, reproduction steps, screenshots, remediation.
4. Appendices, full raw output for transparency.
5. Conclusion, strategic recommendations.
In red teams, you may install persistence (scheduled tasks, registry run keys, SSH key drop). In pen tests, you typically DON'T, you document and clean up. The RoE specifies which.
Sign in and purchase access to unlock this lesson.