When leveraging the Empire framework in a post-exploitation phase, which action best facilitates lateral movement while minimizing the risk of detection?
Executing a PowerShell remoting session to move to other machines using compromised credentials.
Using Over-Pass-The-Hash (pass-the-key: a stolen NTLM hash or AES key used to obtain a Kerberos ticket) to access resources with Kerberos authentication.
Deploying Mimikatz on the compromised machine to extract plaintext passwords directly.
Brute-forcing network service accounts to gain access to additional systems.
Over-Pass-The-Hash (also called pass-the-key) uses a stolen NTLM hash or Kerberos AES key to request a Kerberos TGT for the user, so the attacker can authenticate to Kerberos-protected services without ever cracking the password. It should not be confused with Pass-The-Ticket, which reuses a stolen ticket rather than a key. Because the resulting authentication to other hosts is ordinary Kerberos traffic rather than NTLM, it blends in better than classic Pass-The-Hash, whose NTLM logons modern security monitoring watches for. It is not silent, though: when only the NTLM hash is available the TGT request must use RC4 (event 4768 with ticket encryption type 0x17), which stands out for accounts that normally receive AES tickets, and Mimikatz's sekurlsa::pth produces a logon type 9 (NewCredentials) event on the source host. By comparison, PowerShell remoting leaves obvious traces (WinRM network logons plus PowerShell and script block logging), Mimikatz extraction of plaintext passwords is useful but widely detected by antivirus and EDR, and brute-forcing is noisy and will likely draw attention from system administrators.
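The following is an added example, not part of the original quiz page, showing the defender's side of the explanation above: a small triage routine that runs over constructed Windows Security events (dicts whose keys follow the EventData field names in the Security log XML) and flags the two indicators discussed. The heuristics, sample event values, host names and IP addresses are all assumptions made for the example; an account that only ever receives RC4 tickets is deliberately left unflagged, because legacy service accounts can legitimately be RC4-only.

```python
"""Flag Over-Pass-The-Hash indicators in Windows Security events.

Added example for illustration; the events below are constructed, not real.

Indicators checked:
  * 4768 (Kerberos TGT requested) with TicketEncryptionType 0x17 (RC4-HMAC)
    for an account whose other TGT requests used AES (0x11 / 0x12). An
    attacker holding only the NTLM hash must ask for an RC4 ticket.
  * 4624 with LogonType 9 (NewCredentials) and LogonProcessName "seclogo",
    the pattern produced by both mimikatz sekurlsa::pth and runas /netonly,
    so it is reported for review rather than as a confirmed attack.
"""
from collections import defaultdict

RC4_HMAC = "0x17"
AES_TYPES = {"0x11", "0x12"}  # AES128 / AES256 Kerberos ticket encryption

# Constructed sample events (hypothetical users, hosts and addresses).
EVENTS = [
    {"EventID": 4768, "TargetUserName": "alice", "IpAddress": "10.0.0.21",
     "TicketEncryptionType": "0x12"},
    {"EventID": 4768, "TargetUserName": "alice", "IpAddress": "10.0.0.21",
     "TicketEncryptionType": "0x12"},
    # Same account suddenly requests an RC4 TGT from a different host.
    {"EventID": 4768, "TargetUserName": "alice", "IpAddress": "10.0.0.77",
     "TicketEncryptionType": "0x17"},
    # Legacy service account that is always RC4: not a downgrade.
    {"EventID": 4768, "TargetUserName": "legacy-svc", "IpAddress": "10.0.0.5",
     "TicketEncryptionType": "0x17"},
    {"EventID": 4624, "TargetUserName": "alice", "LogonType": "9",
     "LogonProcessName": "seclogo", "AuthenticationPackageName": "Negotiate",
     "WorkstationName": "WS77"},
    {"EventID": 4624, "TargetUserName": "bob", "LogonType": "2",
     "LogonProcessName": "User32", "AuthenticationPackageName": "Negotiate",
     "WorkstationName": "WS21"},
]


def rc4_downgrades(events):
    """Return (user, source_ip) for RC4 TGT requests by AES-capable accounts."""
    enc_by_user = defaultdict(set)
    for e in events:
        if e["EventID"] == 4768:
            enc_by_user[e["TargetUserName"]].add(e["TicketEncryptionType"])
    hits = []
    for e in events:
        if e["EventID"] != 4768 or e["TicketEncryptionType"] != RC4_HMAC:
            continue
        # Only flag when the same account has also been issued AES tickets.
        if enc_by_user[e["TargetUserName"]] & AES_TYPES:
            hits.append((e["TargetUserName"], e["IpAddress"]))
    return hits


def newcredentials_logons(events):
    """Return (user, workstation) for type 9 logons via the seclogo process."""
    return [
        (e["TargetUserName"], e.get("WorkstationName"))
        for e in events
        if e["EventID"] == 4624
        and e.get("LogonType") == "9"
        and e.get("LogonProcessName", "").lower() == "seclogo"
    ]


def triage(events):
    """Combine both checks into human-readable findings."""
    findings = []
    for user, ip in rc4_downgrades(events):
        findings.append(
            f"possible Over-Pass-The-Hash: RC4 TGT for AES-capable account "
            f"{user} requested from {ip}"
        )
    for user, ws in newcredentials_logons(events):
        findings.append(
            f"NewCredentials (type 9) logon for {user} on {ws}: review, "
            f"matches runas /netonly and sekurlsa::pth"
        )
    return findings


if __name__ == "__main__":
    for line in triage(EVENTS):
        print(line)
```

Correlating the two signals (an RC4 TGT request from the same host that just produced a type 9 logon) is what turns a noisy indicator into a credible alert; in an AES-only domain with RC4 disabled, the first check degenerates into an outright failure on the attacker's side, which is the strongest mitigation.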