| Phase | Goal | Techniques |
|---|
| Persistence | Survive reboot, maintain access | Registry, scheduled tasks, cron, SUID, services |
| Privilege Escalation | Get SYSTEM/root | SUID, sudo, token impersonation, kernel exploits |
| Defense Evasion | Stay undetected | LOLBins, AMSI bypass, obfuscation, living off land |
| Credential Access | Get more passwords/hashes | Mimikatz, secretsdump, browser creds |
| Lateral Movement | Access other machines | PsExec, WMI, Pass the Hash, WinRM |
| Exfiltration | Get the data out | DNS tunneling, HTTPS, steganography |
| Covering Tracks | Remove evidence | Log clearing, timestomping, file deletion |