Background
Prior to executing any post-exploitation steps, it is imperative for red teamers to assess the target system's security measures. This involves gathering information about the presence of antivirus (AV) software, endpoint detection and response (EDR) solutions, Windows audit policies, PowerShell logging, event forwarding, and other security-related components.
Host reconnaissance is a key factor in determining the level of risk involved in red team activities and in shaping the tactics used during the engagement. By gathering information about the target system's security measures, red teamers can better understand the potential challenges and prepare accordingly. The concept of "offense in depth" mirrors "defense in depth," where multiple layers of security are implemented to provide redundancy. In the context of red teaming, it means preparing a range of tools and strategies that achieve the same objective, so that if one approach is blocked or detected, another is ready, minimizing the overall risk of detection.