It’s easier than ever to scan the internet and run exploits opportunistically, but what happens after that? During this lunch and learn we'll look at unusual activity on non-standard ports, automated persistence and escalation techniques, motivation for conducting these operations, and investigate the hosts and data centers that are used as callback hosts.