When leveraging the Empire framework in a post-exploitation phase, which action best facilitates lateral movement while minimizing the risk of detection?
Brute-forcing network service accounts to gain access to additional systems.
Using Over-Pass-The-Hash (passing the ticket) to access resources with Kerberos authentication.
Executing a PowerShell remoting session to move to other machines using compromised credentials.
Deploying Mimikatz on the compromised machine to extract plaintext passwords directly.