> .ROLE
PENETRATION TESTER, CYBERSECURITY CONSULTANT
> .DETAILS
PIVOTING IS ESSENTIAL IN NETWORKING ASSESSMENTS. WHETHER YOU ARE TRYING TO ESCALATE PRIVILEGES OR BYPASS SEGMENTATION, PIVOTING IS ALMOST ALWAYS PERFORMED ONCE PERMISSIONS ARE OBTAINED.
ONCE YOU HAVE A WINDOWS HOST CALLING BACK TO YOUR ATTACKER VM, RESEARCH A PIVOTING TECHNIQUE. SOME C2 TOOLS INCLUDE PIVOTING TECHNIQUES IN THE FORM OF SCRIPTS, OTHERS JUST GIVE YOU THE TOOLS TO PERFORM WHATEVER TECHNIQUE YOU DESIRE. EITHER WAY, YOU SHOULD PERFORM AN SMB PIVOT TO ANOTHER DOMAIN COMPUTER. ONCE YOU HAVE PERFORMED THAT PIVOT, DOCUMENT THE STEPS ON HOW THE TECHNIQUE WORKS, AND INCLUDE PROOF THAT THE PIVOT WAS MADE AND THAT IT WAS USING SMB. MAKE SURE TO INCLUDE ANY NEEDED REFERENCES TO THE TECHNIQUE.
> .TECHNOLOGY
COVENANT C2, VMWARE, WINDOWS SERVERS, KALI LINUX