Exploitation

The malware that was delivered to the target is then detonated (executed) on the system which then performs actions instructed (coded into) by the malware. This might include gaining access to the FTP servers using the credentials found in the reconnaissance phase and using those FTP servers as the pivotal point in which to distribute the malware on each and every system on the target network as a software update installer. This phase focuses on the execution of the malware and the exploitation of vulnerable services in the network (if coded into the malware).