Assessing Red Team Post Exploitation Activity

Attackers can use some sophisticated and unsophisticated means to slip by external defenses and detections. Insider threat is on the rise and completely bypasses network or remote access inspection and authentication. As a pen-test progresses from the initial access phase into post-exploitation activity, you aim to understand what is being accomplished inside the network and how your internal defenses can accomplish a defense in depth posture. You ask the assessment team to explain not only what steps they are taking to operate inside your already compromised network but also how you can mitigate these capabilities in the future.