RIO
  • Welcome
    • RIO
    • Useful Links
  • PENTESTING
    • Methodology
    • Protocols
      • FTP
      • SMB
      • NFS
      • SSH
      • RDP
      • SMTP
      • IMAP / POP3
      • RSYNC
      • SNMP
      • IPMI
      • R-Services
      • WinRM
      • WMI
      • LDAP
    • Databases
      • MySQL
      • MSSQL
      • Oracle TNS
      • PostgreSQL
    • File Transfers
      • Windows
      • Linux
      • Code
      • Misc
    • Password Attacks
      • John The Ripper
      • Hashcat
    • Docker
  • TOOLS
    • Nmap
    • Metasploit
    • BloodHound
    • Other
  • Linux
    • Theory
    • Commands and Utilities
      • Useful Commands
    • Bash Scripting
    • Post-Exploitation
      • Cred Hunting
      • Pivoting
    • Privilege Escalation
  • WINDOWS
    • Theory
      • Security
    • Commands and Utilities
    • PowerShell
    • Post-Exploitation
      • Tools
      • Enumeration
        • System
        • Network
        • Users
        • Groups
        • Processes / Services
        • Permissions
        • Defence
        • Programs
        • Files
      • Access
      • Pivoting
      • Cred Hunting
    • Privilege Escalation
      • Privileges
      • Built-In Groups
        • Backup Operators
        • Server Operators
        • Print Operators
        • DnsAdmins
        • Event Log Readers
      • Privilege Abuse
        • Potatoes
        • SeDebugPrivilege
        • SeTakeOwnershipPrivilege
      • MISC
        • UAC Bypass
        • User-Interaction Attacks
        • Weak Permissions
  • ACTIVE DIRECTORY
    • Theory
      • Terminology
    • Reconnaissance
      • Responder
      • Password Policies
      • DNS
      • Enumeration
        • Users
        • Groups
          • GPO's
        • Shares
        • Domain
        • Trusts
        • ACL
    • Movement
      • Credentials
        • Dumping
          • DCSync
        • Making a Target List
        • Spraying
        • Powershell Remoting
      • Kerberos
        • Kerbrute
        • Kerberoasting
          • Semi-Manual Way
          • Targeted Kerberoasting
        • ASREProasting
        • Forging
          • Golden Ticket
        • Overpass The Hash
        • Pass The Ticket
        • noPAC
      • MITM / Coerced Auths
        • LLMNR, NBT-NS Poisoning
        • PetitPotam
      • DACL Abuse
        • AddMember
        • ForceChangePassword
      • Trust Abuse
        • ExtraSIDs
      • ADCS
      • Printers
        • PrintNightmare
    • Tools
  • Networking
    • Theory
      • Types / Topologies
      • OSI & TCP/IP Models
      • TCP / UDP
      • MAC Addresses
      • IP / Subnetting
      • Proxies
      • ARP
    • Pivoting
      • Port-Forwarding
    • Commands and Utilities
    • Techniques
  • WEB
    • Web Recon
      • Fuzzing
    • DNS
  • CLOUD
    • Google GKE/GCP
      • Theory
Powered by GitBook
On this page
  • LATERAL MOVEMENT
  • PIVOTING
  • TUNNELING
  • PORT-FORWARDING
  1. Networking

Pivoting

LATERAL MOVEMENT

Lateral Movement is not only about finding additional hosts, but find some services, application, useres AND hosts for a way to privesc.

PIVOTING

Pivoting is about using some other host as a proxy to move further in internal network.

TUNNELING

Tunneling is a part of Pivoting, but here we are using some other protocol to encapsulate, smuggle our traffic into network for example to bypass EDR or for OPSEC. As example to use HTTP for our c2 server.

PORT-FORWARDING

Port-Forwarding is part of Pivoting, but here we are using a ssh protocol (mostly) to port forward some our local port to victim's port.

PreviousARPNextPort-Forwarding