SecuriTree Home

SecuriTree

Windows Security
- Post-exploitation
  - Network Tunneling
    (Ligolo-ng, Chisel)
  - Reverse Shell
  - System Manipulation
  - File Transfer
- Lateral Movement
  - Common Problems
    - Double Hop
    - Remote UAC
  - Techniques
    - Access Token Manipulation
      (RunAs, RunasCs)
    - Pass-the-Ticket (Kerberos)
      (Rubeus, getTGT)
  - Technologies
    - MS-RPC
      - MS-DCOM
      - MS-RRP
      - MS-SCMR
        (PsExec, SmbExec, ScExec)
      - MS-TSCH
      - MS-WMI
        (WmiExec)
    - RDP
    - WinRM
      (winrs, PS Remoting)
- Domain Privesc
  - ACL Abuse
  - AD Delegation Abuse
    - Constrained Delegation
    - Resource-Based Constrained Delegation
    - Unconstrained Delegation
  - AS-Rep Roasting
  - Certificate Service Abuse
  - Credentials Dump
    - DCSync
    - LSASS Memory
    - Local SAM
    - Windows Vault
  - Group Policies
  - Information to steal
    (files, logs, processes, ...)
  - Kerberoasting
  - Local Admin Hunting
  - MSSQL Abuse
  - NTLM Hash Stealing
  - NTLM Relay
  - Password Spraying
  - RDP Hijacking
  - Tasks and Services Abuse
- Reconnaissance
  - Active Directory
  - DNS
  - LDAP
  - NetBIOS
  - NFS
  - Port Scanning
  - RPC
  - SMB
  - SMTP
  - SNMP

#Windows Security #Lateral Movement

Windows Lateral Movement

At SecuriTree, we define Lateral Movement as a situation where an attacker already has valid credentials (e.g. password, NT hash or Kerberos TGT) and his job is to use them to gain access to new resources on the network.

This site does not focus on obtaining credentials (privilege escalation).

Children

Lateral Movement

Common Problems

Techniques

Access Token Manipulation

Pass-the-Ticket (Kerberos)

Technologies

MS-DCOM

MS-RRP

MS-TSCH