Red Teaming Experiments
Lateral Movement
Here are the articles in this section:
T1028: WinRM for Lateral Movement
PowerShell remoting for lateral movement.
WinRS for Lateral Movement
T1047: WMI for Lateral Movement
Windows Management Instrumentation for code execution, lateral movement.
T1076: RDP Hijacking for Lateral Movement with tscon
This lab explores a technique that allows a SYSTEM account to move laterally through the network using RDP without the n...
T1051: Shared Webroot
Lateral Movement
T1175: Lateral Movement via DCOM
Lateral Movement via Distributed Component Object Model
WMI + MSI Lateral Movement
WMI lateral movement with .msi packages
Lateral Movement via Service Configuration Manager
Lateral Movement via SMB Relaying
WMI + NewScheduledTaskAction Lateral Movement
WMI + PowerShell Desired State Configuration Lateral Movement
Lateral Movement, Privilege Escalation
Simple TCP Relaying with NetCat
Empire Shells with NetNTLMv2 Relaying
Lateral Movement with Psexec
From Beacon to Interactive RDP Session
Lateral Movement, Tunnelling, Firewall Evasion
SSH Tunnelling / Port Forwarding
Exploring SSH tunneling
Lateral Movement via WMI Event Subscription
Lateral Movement via DLL Hijacking
Lateral Movement over headless RDP with SharpRDP
Last updated
2 years ago