Metasploit Stager vs Stageless Payloads

Metasploit comes with a variety of payloads, as we all know. Those payloads come in a few different types, and vary depending on platform. Of those types, there are two major “categories” available with a key difference that is often not understood. They are staged and stageless payloads. The purpose of this post is to talk about the differences between these two, particularly in the context of Meterpreter and the Metasploit handlers. I’ll also cover off what happens with TCP payloads/handlers, so that it’s clear how it works and what you can do to avoid a common pitfall and reduce noise on the wire. Let’s dive in.