Modern attackers are not interested in exploiting a system or network and then moving on; instead, the goal is to attack and compromise a network of value, and then remain resident on the network for as long as possible. Command and control (C2) refers to the mechanisms that testers use to replicate attacker actions by persisting on a system, maintaining two-way communications, enabling data to be exfiltrated to the tester's location, and hiding the evidence of the attack.

The final stage of the attacker's kill chain is the command, control, and communicate phase, where the attacker relies on a persistent connection with the compromised system to ensure that they can continue to maintain their control.

In this chapter, you will learn about the following topics:

• Importance of persistence
• Maintaining persistence with the Metasploit framework, PowerShell Empire, and online file sharing
• Performing domain fronting techniques to maintain command and control
• The art of exfiltrating data using different protocols
• Hiding the evidence of an attack