
SSH Tunnelling to Punch Through Corporate Firewalls – Updated take on one of the oldest LOLBINs
Tags: Knowledge Base, Write-ups
Exploring Advanced SSH Tunneling Techniques
This write-up explores advanced SSH tunneling techniques used in network penetration testing and red team engagements.
Utilizing the Native OpenSSH Client for Proxy Creation
This approach focuses on using the native OpenSSH client available in Windows 10/11 to establish reverse dynamic SOCKS proxies. This setup enables testers to access internal networks and operate offensive tools from a remote location.
The guide covers the following techniques and strategies:
1. Utilizing the -R flag for reverse dynamic proxies.
2. Strategies for circumventing corporate firewalls, which include leveraging Azure domains and ASN IP ranges.
3. Approaches for delivering payloads and exfiltrating data using SCP.
4. Executing OpSec-safe PowerShell scripts through SSH.
The write-up closes with recommendations for defenders: removing the SSH client from endpoints used by non-technical staff, tightening corporate firewall egress rules, and actively monitoring for execution of the SSH binary, in particular invocations that request reverse (-R) or dynamic (-D) forwarding.
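The monitoring recommendation above can be turned into a concrete detection: classify every ssh.exe process-creation event by the tunnel option it carries, so that a `-R` with only a port (the reverse dynamic SOCKS form) is ranked above an ordinary `-L` forward. This is an added example and not code from the write-up; the log layout (`<time> <host> <user> <cmdline>`) and the sample events are constructed for illustration.

```python
import ntpath

# Constructed process-creation records in an assumed "<time> <host> <user> <cmdline>"
# layout (adapt the split to your real log source). Hosts, users and the 203.0.113.10
# relay address are invented for this example.
SAMPLE_EVENTS = [
    "2024-05-01T09:12:03Z WS-ACCT-07 jdoe C:\\Windows\\System32\\OpenSSH\\ssh.exe -N -R 1080 relay@203.0.113.10",
    "2024-05-01T09:15:44Z WS-DEV-02 build C:\\Windows\\System32\\OpenSSH\\ssh.exe -L 8080:intranet:80 dev@git.example.internal",
    "2024-05-01T09:20:10Z WS-ACCT-07 jdoe C:\\Windows\\System32\\OpenSSH\\ssh.exe -D 9050 relay@203.0.113.10",
    "2024-05-01T09:30:00Z WS-HR-01 asmith C:\\Windows\\System32\\notepad.exe report.txt",
    "2024-05-01T09:31:00Z WS-ACCT-07 jdoe ssh.exe -R 0.0.0.0:2222:localhost:22 relay@203.0.113.10",
]

SSH_BINARIES = {"ssh", "ssh.exe"}
TUNNEL_FLAGS = {"-R", "-D", "-L"}

def classify_forward(flag, spec):
    """Map an OpenSSH -R/-D/-L argument to the kind of tunnel it opens."""
    if flag == "-D":
        return "local-dynamic-socks"
    if flag == "-L":
        return "local-forward"
    # -R [bind_address:]port:host:hostport is a plain reverse port forward, while
    # -R [bind_address:]port with no host:hostport target makes the remote sshd act
    # as a SOCKS proxy on that port (reverse dynamic). IPv6 bracket syntax is not handled.
    fields = spec.split(":")
    if len(fields) <= 2 and fields[-1].isdigit():
        return "reverse-dynamic-socks"
    return "reverse-forward"

def parse_ssh_tunnels(cmdline):
    """Return [(flag, spec)] for each tunnel option on an ssh command line, or None if not ssh."""
    tokens = cmdline.split()  # samples contain no quoted arguments
    if not tokens or ntpath.basename(tokens[0]).lower() not in SSH_BINARIES:
        return None
    found, i = [], 1
    while i < len(tokens):
        tok = tokens[i]
        if tok in TUNNEL_FLAGS and i + 1 < len(tokens):      # separated form: -R 1080
            found.append((tok, tokens[i + 1])); i += 2; continue
        if tok[:2] in TUNNEL_FLAGS and len(tok) > 2:            # attached form: -R1080
            found.append((tok[:2], tok[2:]))
        i += 1
    return found

def analyze_events(events):
    """Emit one alert per tunnel option found in ssh.exe process-creation events."""
    alerts = []
    for line in events:
        ts, host, user, cmdline = line.split(maxsplit=3)
        tunnels = parse_ssh_tunnels(cmdline)
        if tunnels is None:
            continue
        for flag, spec in tunnels:
            alerts.append({"time": ts, "host": host, "user": user, "spec": spec,
                           "kind": classify_forward(flag, spec),
                           "destination": cmdline.split()[-1]})
    return alerts

if __name__ == "__main__":
    for a in analyze_events(SAMPLE_EVENTS):
        print(f"{a['time']} {a['host']} {a['user']}: {a['kind']} ({a['spec']}) -> {a['destination']}")
```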