Dump IT ALL :

• I would download everything I gain access to. That might be user data or employee data,

• If I gained access to an employee's PC I would download everything they have there and everything they have access to like data, emails, personal pics, and so on.

• I would then analyze the data to see if there is anything I can sell, bribe for, and any details that would open other attack vectors (phishing, spear phishing, whaling, access/info about other systems, etc.).

After the discovery part is done, I would try to gain access to other systems as lateral movement and do again the first and second step when I'm in.

How would I get it?

Based on the data I've obtained when doing the discovery part I might've found some vulnerable systems, old systems with existing CVE's or just found some credentials on the employee computer.

Privilege Escalation

This could be done by using vulnerabilities in old systems, stealing tokens, modifying the app to steal and send details to remote systems, maybe creating some fake apps that look like internal apps and steal credentials, and so on.

Whatever I do next, I want to still have access to the app/infrastructure so I would start placing backdoors, reverse shells, creating admin accounts, having open sessions to the employee like RDP, and maybe leave open ssh tunnels.

The last step

It would be different depending on my goal.

If this is only money or destruction I would ransomware the hell out of them, systems, databases, user data, employee data, and pretty much everything that I had access to.

If I want to just steal data, I would not do anything destructive and stay in low profile to have the data coming in until they notice it and try to cut me off. I would deface their sites to show off or promote myself.