Lateral Movement and Pivoting

Introduction

Moving Through the Network

Spawning Processes Remotely

Moving Laterally Using WMI

Use of Alternate Authentication Material

[0;97d82]-2-0-40e10000-t2_felicia.dean@krbtgt-ZA.TRYHACKME.COM.kirbi
|_______| ^ |________| |_____________| |_____________________||_____|
    |     |     |             |                   |              |______file extension
    |     |     |             |                   |
    |     |     |             |                   |______resource
    |     |     |             |
    |     |     |             |______user/computer account (ticket owner)
    |     |     |
    |     |     |______0x40e10000 kerberos flag [1]
    |     |
    |     |______kerberos ticket type
    |            0 = TGS / 1 = Client ticket / 2 = TGT
    |
    |__________0x97d82 user LUID [2]
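For triage of exported ticket files found on disk, the filename layout in the diagram above can be parsed mechanically. The Python below is an added example, not part of the original page; it goes one step further than the diagram by decoding the flag word into named ticket flags from RFC 4120, and the names "high" and "index" for the two fields the diagram leaves unlabelled are assumptions.

```python
import re
from typing import NamedTuple

# Ticket flag bits from RFC 4120 section 5.3 (bit 0 is the most significant
# bit), plus name_canonicalize (0x00010000) as set by Windows KDCs.
TICKET_FLAGS = {
    0x40000000: "forwardable",   0x20000000: "forwarded",
    0x10000000: "proxiable",     0x08000000: "proxy",
    0x04000000: "may_postdate",  0x02000000: "postdated",
    0x01000000: "invalid",       0x00800000: "renewable",
    0x00400000: "initial",       0x00200000: "pre_authent",
    0x00100000: "hw_authent",    0x00080000: "transited_policy_checked",
    0x00040000: "ok_as_delegate", 0x00010000: "name_canonicalize",
}
TICKET_TYPES = {0: "TGS", 1: "Client ticket", 2: "TGT"}  # values from the diagram

# Layout: [high;luid]-type-index-flags-owner@resource.kirbi
# "high" and "index" are not labelled in the diagram; both names are assumptions.
KIRBI_RE = re.compile(
    r"^\[(?P<high>[0-9a-f]+);(?P<luid>[0-9a-f]+)\]-(?P<type>[0-2])-(?P<index>\d+)"
    r"-(?P<flags>[0-9a-f]{8})-(?P<owner>[^@]+)@(?P<resource>.+)\.kirbi$",
    re.IGNORECASE,
)

class KirbiName(NamedTuple):
    luid: int
    ticket_type: str
    flags: list
    owner: str
    resource: str

def parse_kirbi_name(filename: str):
    """Return the decoded fields, or None if the name does not match the layout."""
    m = KIRBI_RE.match(filename)
    if m is None:
        return None
    raw = int(m["flags"], 16)
    # Keep only the flag names whose bit is set in the 32-bit flag word.
    flags = [name for bit, name in TICKET_FLAGS.items() if raw & bit]
    return KirbiName(int(m["luid"], 16), TICKET_TYPES[int(m["type"])],
                     flags, m["owner"], m["resource"])

if __name__ == "__main__":
    # Filename taken from the diagram above.
    print(parse_kirbi_name(
        "[0;97d82]-2-0-40e10000-t2_felicia.dean@krbtgt-ZA.TRYHACKME.COM.kirbi"))
```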

Abusing User Behaviour

Port Forwarding

Conclusion
