CyberGlossary

Malware

Payload

Also known as: Malware payload, Attack payload

Definition

The part of an exploit, malware, or attack that actually performs the malicious action, such as encrypting files, opening a backdoor, or stealing data.

In offensive security, a payload is the code or data that runs after a successful exploit or after a malicious file is opened, and that carries out the attacker's real objective. Typical payloads include reverse shells, command-and-control beacons, ransomware encryptors, info-stealers, keyloggers, droppers, persistence installers, and destructive wipers. Modern intrusion chains separate the delivery method (phishing, exploit, drive-by) from the payload, often using droppers and loaders so that the final stage is staged entirely in memory and never written to disk. Defences include endpoint detection and response, application allow-listing, memory protection (DEP, ASLR, CFG), anti-exploit features, egress filtering, and rapid response as soon as initial indicators are observed.

Examples

  • A Cobalt Strike beacon loaded into memory after a phishing document executes.
  • A ransomware encryptor delivered by a Qakbot dropper as the final stage.

Related terms