Lateral Movement Flashcards
1
Q
Remote Procedure Call and Distributed Component Object Model (Lateral Movement)
A
- Remote procedure call RPC - used in windows to allow remote execution of code on a remote computer
- distributed Component Object Model DCOM - microsoft tech for comms between software components on networked computers
- PsExec - lightweight telnet replacement that executes processes on other systems without having to manually install client software
- Windows Management Instrumentation WMI - specification from microsoft for consolidating management of devices and apps in network from windows computing systems
2
Q
PS Remoting and WinRM (Lateral Movement)
A
- Powershell Remoting - allows computer to receive windows powershell remote commands
- Windows Remote Management WinRM - allows admins to remotely run management scripts using WS Management Protocol, Remote Management is run on server, Remote Shell is run in client
- Server message Block
3
Q
Remote Desktop Protocol RDP (Lateral Movement)
A
*allows remote access to machine over network through GUI
4
Q
Apple Remote Desktop
A
*allows remote access to machine over network through GUI for Apple
5
Q
Virutal Network Computing VNC
A
- operates like RDP but is cross platform
6
Q
X11 Forwarding (Lateral Movement)
A
*X11 forwarding provides a GUI by forwarding the x-windows/x-server over an SSH connection
7
Q
Telnet (Lateral Movement)
A
- permits sending commands to remote devices, information is sent in plaintext
8
Q
SSH (Lateral Movement)
A
*works like telnet but encrypted to create a secure channel between client and server
9
Q
RSH and Rlogin (Lateral Movement)
A
- Remote Shell RSH - Command line program used to execute shell commands as another user on another computer over the network, unsecure because it doesnt use encryption, use SSH instead
- Rlogin - Rsh created as part of rlogin package in BSD Unix, allowed a user to login and issue commands on another Unix computer over a TCP/IP network
