Post-exploitation is everything after initial access: privilege escalation, persistence establishment, lateral movement, internal reconnaissance, data exfiltration, and covering tracks.
In pen testing, document every action with timestamps. Post-exploitation demonstrates real impact beyond entry point. Tools: Metasploit, Cobalt Strike, Impacket (for Windows/AD). Blue team goal: detect and respond during post-exploitation.