YOU ARE CLAY YOU ARE

git-svn-id: file:///home/svn/incoming/trunk@2632 4d416f70-5f16-0410-b530-b9f4589650da
2005-06-12 17:30:04 +00:00 · 2005-06-12 17:30:04 +00:00 · 23e4c9e713
parent a6e0eac67d
commit 23e4c9e713
1 changed files with 10 additions and 6 deletions
--- a/dev/bh/bh05.tex
+++ b/dev/bh/bh05.tex
@ -94,31 +94,35 @@
 \end{frame}

 \begin{frame}[t]
-    \frametitle{Background: the exploitation cycle}
+    \frametitle{Our definitions: the exploitation cycle}

    \begin{sitemize}
        \item \textbf{Pre-exploitation} - Before the attack
        \begin{sitemize}
-            \item Find a bug and isolate it
-            \item Write the exploit, payloads, and tools
+            \item Find a bug and locate the code
+            \item Write the exploit
+	    \item Write any other tools, shellcode, etc
        \end{sitemize}

        \pause
        \item \textbf{Exploitation} - Leveraging the vulnerability
        \begin{sitemize}
+	    \item Do some recon, gather information
            \item Find a vulnerable target
-            \item Gather information
-            \item Initialize tools and post-exploitation handlers
+	    \item Get network access to vulnerable target, etc
+            \item Initialize tools, infrastructure, etc
            \item Launch the exploit
        \end{sitemize}

        \pause
        \item \textbf{Post-exploitation} - Manipulating the target
        \begin{sitemize}
+	    % NOTE:
+	    \item Not so much the command shell itself, but what you do with it
            \item Command shell redirection
            \item Arbitrary command execution
-            \item Pivoting
            \item Advanced payload interaction
+	    \item File access, VNC, pivoting, etc
        \end{sitemize}
    \end{sitemize}
 \end{frame}