Red Teaming Experiments
linkedin
github
@spotheplanet
patreon
Search…
What is ired.team?
Pinned
Pentesting Cheatsheets
Active Directory & Kerberos Abuse
offensive security
Red Team Infrastructure
Initial Access
Code Execution
Code & Process Injection
Defense Evasion
Enumeration and Discovery
Privilege Escalation
Credential Access & Dumping
Lateral Movement
WinRM for Lateral Movement
WinRS for Lateral Movement
WMI for Lateral Movement
RDP Hijacking for Lateral Movement with tscon
Shared Webroot
Lateral Movement via DCOM
WMI + MSI Lateral Movement
Lateral Movement via Service Configuration Manager
Lateral Movement via SMB Relaying
WMI + NewScheduledTaskAction Lateral Movement
WMI + PowerShell Desired State Configuration Lateral Movement
Simple TCP Relaying with NetCat
Empire Shells with NetNLTMv2 Relaying
Lateral Movement with Psexec
From Beacon to Interactive RDP Session
SSH Tunnelling / Port Forwarding
Lateral Movement via WMI Event Subscription
Lateral Movement via DLL Hijacking
Lateral Movement over headless RDP with SharpRDP
Man-in-the-Browser via Chrome Extension
ShadowMove: Lateral Movement by Duplicating Existing Sockets
Persistence
Exfiltration
reversing, forensics & misc
Internals
Cloud
Neo4j
Dump Virtual Box Memory
AES Encryption Using Crypto++ .lib in Visual Studio C++
Reversing Password Checking Routine
Powered By
GitBook
Lateral Movement
Here are the articles in this section:
WinRM for Lateral Movement
WinRS for Lateral Movement
WMI for Lateral Movement
RDP Hijacking for Lateral Movement with tscon
Shared Webroot
Lateral Movement via DCOM
WMI + MSI Lateral Movement
Lateral Movement via Service Configuration Manager
Lateral Movement via SMB Relaying
WMI + NewScheduledTaskAction Lateral Movement
WMI + PowerShell Desired State Configuration Lateral Movement
Simple TCP Relaying with NetCat
Empire Shells with NetNLTMv2 Relaying
Lateral Movement with Psexec
From Beacon to Interactive RDP Session
SSH Tunnelling / Port Forwarding
Lateral Movement via WMI Event Subscription
Lateral Movement via DLL Hijacking
Lateral Movement over headless RDP with SharpRDP
Man-in-the-Browser via Chrome Extension
ShadowMove: Lateral Movement by Duplicating Existing Sockets
Previous
Credentials Collection via CredUIPromptForCredentials
Next
WinRM for Lateral Movement
Copy link