Analyzing Lateral Movement and Pivoting IOCs Flashcards
A technique to progressively move through a network to search for the key data
and assets that are ultimately the target of an attack campaign
Lateral Movement
The use of one infected computer to attack a different computer
Pivoting uses the compromised system to attack other systems on the same
network to avoid restrictions such as firewall configurations
When an attacker uses a compromised host (the pivot) as a platform from which
to spread an attack to other points in the network
Pivoting
A network-based attack where the attacker steals hashed user credentials and
uses them as-is to try to authenticate to the same network the hashed credentials
originated on
Pass the Hash
An open-source application that allows users to view and save authentication
credentials in order to perform pass the hash attacks
Mimikatz
While a pass the hash attack will work on local workstations, a Kerberos ticket is
needed in an Active Directory environment
A Kerberos ticket that can grant other tickets in an Active Directory environment
Golden tickets can grant administrative access to other domain members and
domain controllers
Golden Ticket
The trust anchor of the Active Directory domain which functions like a private key
of a root certificate authority and generates ticket-granting tickets (TGT) that are
used by users to access services within Kerberos
krbtgt hash
Any combination of hardware and software that enables remote access to tools or
information that typically reside on a network of IT devices
Remote Access Services
Provides users with a terminal interface and enables administrators to run scripts
to manage those computers
Windows Management Instrumentation Command-Line (WMIC)
A tool developed as an alternative to Telnet and other remote access services
which utilizes the Windows SYSTEM account for privilege escalation
PsExec
A task automation and configuration management framework from Microsoft,
consisting of a command-line shell and the associated scripting language