# Lateral Movement

The Adversary will try to move laterally through the environment in search of critical servers/assets.

- Some of the techniques that can be used are:
  - PowerShell Remoting
  - Windows Management Instrumentation (WMI)
  - Invoke-Mimikatz.ps1, etc.
- It is advised to choose a method which is stealthy and leaves almost no footprints on ANY machines the Adversary is targeting.

### PowerShell Remoting

It uses the WinRM protocol and runs by default on TCP ports 5985 (HTTP) and 5986 (HTTPS).

- It is a recommended way to manage Windows core servers.
- It comes enabled by default from Windows Server 2012.
- The Adversary uses this utility to connect to remote computers/servers and execute commands upon achieving high privileges.
- Example: `Invoke-Command`, `New-PSSession`, `Enter-PSSession`

Configuration is easy: run `Enable-PSRemoting -SkipNetworkProfileCheck -Verbose -Force` as administrator.

- It is used to run commands and scripts on:
  - Windows servers/workstations
  - Linux machines too (PowerShell is an open-source project)
- Example commands:

```
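# Create a persistent remoting session to the target host
$session = New-PSSession -ComputerName Windows-Server
# Run commands inside that session
Invoke-Command -Session $session -ScriptBlock { whoami; hostname }
# Switch to an interactive prompt in the same session
Enter-PSSession -Session $session -Verbose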
```

<figure><img src="https://755681241-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fa5rXMZ1JAQhUeS7TtZkM%2Fuploads%2FhR8IAjmWeLnrf0qJh7Og%2Fimage.png?alt=media&#x26;token=3f07badc-1b0d-497d-b51a-2e56fa301fb9" alt=""><figcaption></figcaption></figure>

<figure><img src="https://755681241-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fa5rXMZ1JAQhUeS7TtZkM%2Fuploads%2F1KoyBaMT2eOMdxL3VFP9%2Fimage.png?alt=media&#x26;token=232ee027-21ba-45c0-af39-4a1974ff1a27" alt=""><figcaption></figcaption></figure>

<figure><img src="https://755681241-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fa5rXMZ1JAQhUeS7TtZkM%2Fuploads%2FAXtPc3mHAsDHDAlpBw5q%2Fimage.png?alt=media&#x26;token=2939e2de-962e-4f12-8a29-bebca4a338ce" alt=""><figcaption></figcaption></figure>
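From the defender's side, the default ports listed above give a simple network-level check for this technique. The following Python is an added example, not part of the original page: it scans constructed flow-log lines for connections to TCP 5985/5986 from hosts outside an allowlist and flags sources that reach many targets. The log format, IP addresses, allowlist and threshold are assumptions made for illustration.

```python
from collections import defaultdict

WINRM_PORTS = {5985, 5986}        # default WinRM ports (HTTP, HTTPS) named above
ALLOWED_SOURCES = {"10.0.0.5"}    # assumption: the only approved admin jump host
FANOUT_THRESHOLD = 3              # assumption: distinct targets that warrant an alert

# Constructed sample flow records: "timestamp src dst dport action"
SAMPLE_FLOWS = """\
2024-05-01T09:00:01Z 10.0.0.5 10.0.1.10 5986 ALLOW
2024-05-01T09:02:11Z 10.0.2.23 10.0.1.10 5985 ALLOW
2024-05-01T09:02:40Z 10.0.2.23 10.0.1.11 5985 ALLOW
2024-05-01T09:03:05Z 10.0.2.23 10.0.1.12 5985 ALLOW
2024-05-01T09:03:30Z 10.0.2.23 10.0.1.12 443 ALLOW
2024-05-01T09:04:00Z 10.0.2.40 10.0.1.10 5986 DENY
malformed line
"""


def parse_flows(text):
    """Yield one dict per well-formed flow line; malformed lines are skipped."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[3].isdigit():
            continue
        ts, src, dst, dport, action = parts
        yield {"ts": ts, "src": src, "dst": dst, "dport": int(dport), "action": action}


def winrm_findings(text, allowed=ALLOWED_SOURCES, threshold=FANOUT_THRESHOLD):
    """Summarise WinRM connection attempts per source outside the allowlist."""
    per_src = defaultdict(lambda: {"targets": set(), "ports": set(), "denied": 0})
    for rec in parse_flows(text):
        if rec["dport"] not in WINRM_PORTS or rec["src"] in allowed:
            continue
        entry = per_src[rec["src"]]
        entry["targets"].add(rec["dst"])
        entry["ports"].add(rec["dport"])
        entry["denied"] += rec["action"] == "DENY"   # blocked attempts still count
    return [
        {"src": src, "targets": sorted(e["targets"]), "ports": sorted(e["ports"]),
         "denied": e["denied"], "fanout": len(e["targets"]) >= threshold}
        for src, e in sorted(per_src.items())
    ]


if __name__ == "__main__":
    for finding in winrm_findings(SAMPLE_FLOWS):
        print(finding)
```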
