Lateral Movement

PS-Remoting Setup

PowerShell Remoting Setup Between Two Windows Machines This guide walks you through setting up PowerShell Remoting between two Windows machines (attacker and target) in a non-domain (workgroup) environment. It covers user creation, enabling remoting, setting TrustedHosts, and allowing unencrypted traffic — ideal for labs. On the Target Machine 1. Create a New Local User 2. […]

xfreerdp

XFreeRDP: Access with and without Passwords xfreerdp is a powerful, flexible Remote Desktop Protocol (RDP) client for Linux that supports both password-based and Pass-the-Hash authentication. It’s a go-to tool when you’ve popped Windows credentials during an internal engagement. Basic Syntax Example: Domain User Authentication When authenticating as a domain user: Example: Alternatively: Pass-the-Hash (PtH) with

SSH

Mastering SSH: Keys, Tunnels, and Pivoting SSH (Secure Shell) is a foundational protocol for managing and accessing remote systems. For pentesters, it’s not just about logging in — it’s a powerful tool for pivoting, tunneling, and stealthy movement across networks. This post covers everything you need to know about SSH during an engagement: finding keys,

reGeorg

reGeorg: Rebuilding the Web Shell Tunnel for Internal Access When you land a shell on a web server in a DMZ but can’t reach internal systems directly — welcome to one of the most common pivoting challenges in real-world pentesting. That’s where reGeorg comes in. reGeorg is a powerful tool used by pentesters and red

SOCKS Proxy

Using SOCKS Proxy vs. Port Forwarding: A Pentester’s Guide When performing internal penetration testing, gaining a foothold is just the beginning. The next step is pivoting — finding a way to explore deeper into restricted networks. Two powerful techniques for this are SOCKS proxying and port forwarding. Both serve different purposes, and knowing when to
