One of the most common arguments against the killchain is that "Actions on Objectives" is too vague. For one, all of the other steps of the killchain can occur as an action on objective if the attacker uses it to attack something else, which is known as pivoting. But there are many other "post-exploitation" objectives of an attacker, which range from installing backdoors to bricking the device.

There are 5 P's of Post-Exploitation:

  • Persistence = Find a way to maintain access
  • Privilege Escalation = Find a way to get a higher level of access than you already have
  • Pilfer = Steal things
  • Pillage = Break things.
  • Pivot = Move from one box to another and start the killchain all over again.

I will write a good post on this at some point, but for now, just try to remember what each of those things means.


Describe a hypothetical attack on a user via email, using your current understanding, from recon all the way through all the post exploitation possibilities. It is fine if you don't have the technical understanding, we are just trying to make sure you have the concepts down. You are going to look back at this scenario later in the course and do it again, once you have more technical concepts down.