Lateral Movement

WinRM for Lateral MovementWinRS for Lateral MovementWMI for Lateral MovementRDP Hijacking for Lateral Movement with tsconShared WebrootLateral Movement via DCOMWMI + MSI Lateral MovementLateral Movement via Service Configuration ManagerLateral Movement via SMB RelayingWMI + NewScheduledTaskAction Lateral MovementWMI + PowerShell Desired State Configuration Lateral MovementSimple TCP Relaying with NetCatEmpire Shells with NetNLTMv2 RelayingLateral Movement with PsexecFrom Beacon to Interactive RDP SessionSSH Tunnelling / Port ForwardingLateral Movement via WMI Event SubscriptionLateral Movement via DLL HijackingLateral Movement over headless RDP with SharpRDPMan-in-the-Browser via Chrome ExtensionShadowMove: Lateral Movement by Duplicating Existing Sockets
PreviousCredentials Collection via CredUIPromptForCredentialsNextWinRM for Lateral Movement