Movement

In place and remote movement

In Place Movement

Methods

  • Token stealing

  • MS14-068

  • Pass the hash

  • Process Injection

  • runas

In place movement Resources

  • https://www.indetectables.net/viewtopic.php?p=211165

  • https://adsecurity.org/?page_id=1821

  • https://github.com/bidord/pykek

  • https://adsecurity.org/?p=676

  • http://www.hackplayers.com/2014/12/CVE-2014-6324-como-validarse-con-cualquier-usuario-como-admin.html

  • https://github.com/n1nj4sec/pupy

  • http://www.powershellempire.com/?page_id=273

  • https://github.com/FuzzySecurity/PowerShell-Suite/blob/master/Invoke-Runas.ps1

  • https://github.com/FuzzySecurity/PowerShell-Suite

Remote Movement

Common Windows Domain Methods

Other Remote Movement Resources

  • http://www.powershellempire.com/?page_id=523

  • https://code.google.com/archive/p/passing-the-hash/downloads

  • https://github.com/byt3bl33d3r/pth-toolkit

  • https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/cc754599(v=ws.11)?redirectedfrom=MSDN

  • https://github.com/CoreSecurity/impacket/blob/master/examples/wmiexec.py

  • https://www.trustedsec.com/blog/no_psexec_needed/

  • http://www.powershellempire.com/?page_id=124

  • http://www.maquinasvirtuales.eu/ejecucion-remota-con-powershell/

  • https://adsecurity.org/?p=2277

  • https://www.secureworks.com/blog/where-you-at-indicators-of-lateral-movement-using-at-exe-on-windows-7-systems

  • https://github.com/PowerShellEmpire/Empire/blob/master/lib/modules/lateral_movement/new_gpo_immediate_task.py
