Once inside, attackers want to stay inside. They install backdoors, rootkits, and other persistence mechanisms. This phase increases their risk of detection—which is why good monitoring is crucial.
04
MAINTAINING ACCESS
Having gained access, an attacker must maintain access long enough to accomplish his or her objectives. This phase can increase the attacker's vulnerability to detection.
🚪 Backdoors
Hidden entry points for easy return
👑 Rootkits
Hide attacker's presence
⏰ Timed Jobs
Scheduled tasks to maintain access
🔄 Persistence
Survive reboots and logouts
⚠️ LONGER ACCESS = HIGHER DETECTION RISK