Payload
What is Payload?
The part of an exploit, malware, or attack that actually performs the malicious action, such as encrypting files, opening a backdoor, or stealing data.
In offensive security, a payload is the code or data that runs after a successful exploit or after a malicious file is opened, and that carries out the attacker's actual objective. Typical payloads include reverse shells, command-and-control beacons, encryptors, info-stealers, keyloggers, droppers, persistence installers, and destructive wipers. Modern intrusion chains separate the delivery method (phishing, exploit, drive-by) from the payload itself, often using droppers and loaders so that the final stage is executed only in memory and never written to disk. Defences include endpoint detection and response, application allow-listing, memory protections (DEP, ASLR, CFG), anti-exploit features, egress filtering, and rapid response when the first indicators of an intrusion are observed.
● Examples
- 01: A Cobalt Strike beacon loaded into memory after a phishing document executes.
- 02: A ransomware encryptor delivered by a Qakbot dropper as the final stage.
● Frequently asked questions
What is Payload?
The part of an exploit, malware, or attack that actually performs the malicious action, such as encrypting files, opening a backdoor, or stealing data. It belongs to the Malware category of cybersecurity.
What does Payload mean?
The part of an exploit, malware, or attack that actually performs the malicious action, such as encrypting files, opening a backdoor, or stealing data.
How do you defend against a payload?
Defences against payloads typically combine technical controls (endpoint detection and response, application allow-listing, memory protections such as DEP, ASLR and CFG, anti-exploit features, egress filtering) with operational practices such as rapid response when initial indicators are observed, as detailed in the full definition above.
What are other names for Payload?
Common alternative names include: Malware payload, Attack payload.