Lateral Movement – WinRM
Tags
Common Information
| Type | Value |
|---|---|
| UUID | 2c8e33f3-9c84-4ea9-aa40-23478e2640d5 |
| Fingerprint | be2b4d532501c1cd |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | May 15, 2018, 1:18 p.m. |
| Added to db | Jan. 18, 2023, 10:08 p.m. |
| Last updated | Nov. 17, 2024, 6:54 p.m. |
| Headline | Lateral Movement – WinRM |
| Title | Lateral Movement – WinRM |
| Detected Hints/Tags/Attributes | 38/1/20 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://pentestlab.blog/2018/05/15/lateral-movement-winrm/ |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 339 | system.net |
|
| Details | Domain | 360 | attack.mitre.org |
|
| Details | Domain | 9 | blog.netspi.com |
|
| Details | Domain | 1 | pentestn00b.wordpress.com |
|
| Details | Domain | 10 | blog.cobaltstrike.com |
|
| Details | Domain | 13 | blog.rapid7.com |
|
| Details | Domain | 19 | www.trustedsec.com |
|
| Details | File | 27 | invoke-mimikatz.ps1 |
|
| Details | File | 1208 | powershell.exe |
|
| Details | IPv4 | 34 | 10.0.0.2 |
|
| Details | IPv4 | 97 | 10.0.0.1 |
|
| Details | IPv4 | 15 | 10.0.0.3 |
|
| Details | MITRE ATT&CK Techniques | 5 | T1028 |
|
| Details | Url | 1 | https://10.0.0.3:8080/4wm88bqsuzs |
|
| Details | Url | 1 | https://attack.mitre.org/wiki/technique/t1028 |
|
| Details | Url | 1 | https://blog.netspi.com/powershell-remoting-cheatsheet |
|
| Details | Url | 1 | https://pentestn00b.wordpress.com/2016/08/22/powershell-psremoting-pwnage |
|
| Details | Url | 1 | https://blog.cobaltstrike.com/2015/07/22/winrm-is-my-remote-access-tool |
|
| Details | Url | 1 | https://blog.rapid7.com/2012/11/08/abusing-windows-remote-management-winrm-with-metasploit |
|
| Details | Url | 1 | https://www.trustedsec.com/2017/09/using-winrm-meterpreter |