Advanced Pivoting Scenario In a targeted network intrusion scenario, like an internal penetration test, a more advanced security professional, once successfully compromised a target using techniques such as, privilege escalation, or a well-chosen exploit may look to investigate any additional networks ranges to compromise. The strategic use of pivoting allows the security professional to re-direct their network traffic, exfiltrate data, and conduct further exploitation from their own machine. What is pivoting? Pivoting is the unique technique of using an instance (also referred to as a ‘plant’ or ‘foothold’) to be able to “move” around inside a network. Using the first compromise to allow and even aid in the compromise of other otherwise inaccessible systems. Pivoting comes with several techniques, such as, applying encryption to hide our tracks from network monitoring services, utilising different toolsets to allow for cross-compatibility; for example, targeting a Windows operating system but pivoting with a Linux based machine. Additionally, there is the need to decide how to apply the toolsets, do we need to use a framework, like Metasploit? Or is there the possibility of using standalone binaries. How will we use pivoting on the course? In this course, we will show you a number of tools and techniques to have the ability to pivot through a tiered-network to reach new network ranges and how to exploit targets within the newly found networks. This includes: - Static SSH - Dynamic SSH - Pivoting with Metasploit - Using SShuttle - Using Chisel

An enumeration and exploitation walkthrough, of a victim machine that has multiple IP Addresses and can therefore be used as a pivot point