🗃️ Authentication
3 items
📄️ Spawning Processes Remotely
Windows Services can also be leveraged to run arbitrary commands since they execute a command when started. While a Service executable is technically different from a Regular Application, if we configure a Windows Service to run any application, it will still execute it and Fail Afterwards.
📄️ WMI
Windows Management Instrumentation (WMI) is Windows implementation of Web-Based Enterprise Management (WBEM), an enterprise standard for accessing management Information across devices. WMI allows Administrators to perform Standard Management Tasks that Attackers can abuse to perform Lateral Movement.
📄️ RDP Hijacking
Works only on Windows Server 2016 and Earlier.
📄️ Port Forwarding
Port Forwarding is a mechanism for Tunneling Application Ports from the Client Machine to the Server Machine, or vice versa. It can be used for adding encryption to legacy applications, going through Firewalls.