cyberneticlibrary

Post-exploitation security workflow

pwnedcommandsetup L244
mukul975/Threatswarm
What it does

Execute post-exploitation workflow with privilege escalation and lateral movement

Best for

Structured post-exploitation of compromised systems with automated privilege escalation detection, credential harvesting, and domain reconnaissance.

Inputs
  • Target hostname or IP
  • Optional SESSION_ID or access level (user/www-data/root/SYSTEM)
  • scope.txt (in-scope targets list)
Outputs
  • Post-ex summary with timestamps
  • Escalation path with ATT&CK TTPs
  • Harvested credentials (location refs only, not plaintext)
  • Domain compromise path (if applicable)
Requires
  • LinPEAS / WinPEAS (automated enumeration)
  • post-ex agent
  • password-attacks agent (credential cracking)
  • active-directory agent (domain compromise)
Preconditions
  • Target in scope.txt
  • Initial shell access already established
  • Sufficient OS permissions for enumeration
Failure modes
  • Target not in scope.txt → workflow stops immediately
  • LinPEAS/WinPEAS fails → escalation agent escalates gracefully
  • No domain found → skips AD agent dispatch
  • Credentials found but crack fails → stored for manual review
Trust signals
  • Scope check enforced before any execution (compliance gate)
  • Separate agents per discipline (post-ex, password-attacks, AD)
  • Evidence timestamped and organized by target/date
  • Credentials stored by location ref only (no plaintext in logs)