Post-Compromise Recon

Post-Compromise Recon

• Who do we have access as?

• What roles do we have?

• Is MFA enabled?

• What can we access (webapps, storage, etc)?

• Who are the admins?

• How are we going to escalate to admin?

• Any security protections in place (CloudTrail, GuardDuty, etc.)