# Exploitation

In the **exploitation** phase, we use vulnerabilities found and CVEs associated with the target to gain unauthorized access or control. It involves access to sensitive data or executing malicious code.

<figure><img src="https://1571945027-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FtgxeteB8N7iEoJU7WZh6%2Fuploads%2FvgcDnobsLpcVvQx70Grj%2Fimage.png?alt=media&#x26;token=4d33fa53-191e-4f3d-82a8-f582598cbf41" alt="" width="375"><figcaption></figcaption></figure>

Exploitation can also create the possibility of jumping to another machine in the same network via pivoting or even jumping to another network.

To be cautious, some security measures that can be applied to avoid any exploitation or privilege escalation attempt are:

* Account permission management
* Strong password policies
* Implementation of database security
* Well-development practices
* Cybersecurity awareness training