You Got a Shell. Now What?

The exploit landed, the shell is blinking at you — and most people freeze. This is the post-foothold playbook: the disciplined first thirty minutes on a box. Stabilise the shell, orient yourself, escalate, loot the credentials, establish persistence, map the internal network and pivot toward Domain Admin — a clear decision framework for what to do next, with real Linux and Windows commands and where each deep-dive fits.