SSH Tunnelling to Punch Through Corporate Firewalls – Updated take on one of the oldest LOLBINs
This write-up discusses advanced SSH tunneling techniques for network penetration testing and red team engagements. It focuses on using the native OpenSSH client in Windows 10/11 to create reverse dynamic SOCKS proxies, allowing testers to access internal networks and run offensive tools remotely. The guide covers: 1. Using the -R flag for reverse dynamic proxies 2. Techniques to bypass corporate firewalls, including using Azure domains and ASN IP ranges 3. Methods for payload delivery and data exfiltration using SCP 4. OpSec-safe PowerShell script execution through SSH The write-up also includes recommendations for defenders, such as removing the SSH client from non-technical staff endpoints, securing corporate firewall settings, and monitoring for SSH binary execution.
FEATURES
SIMILAR TOOLS
A collaborative repository of CTF write-ups and source files from 2014 competitions that allows community contributions to address scattered documentation issues.
A tool for testing and analyzing RFID and NFC tags, allowing users to read and write data, and perform various attacks and tests.
A centralized repository containing CTF source files and write-ups from 2015 competitions, providing accessible documentation and solutions for cybersecurity challenges.
A comprehensive cheat sheet for using JtR (John the Ripper), a password cracking tool.
A collection of CTF writeups from various competitions including picoCTF, GLUG, TUCTF, and HackTheBox challenges, providing detailed solutions and explanations for cybersecurity competition problems.
A behavior-based malware detection system for Android platforms that uses crowdsourcing to detect anomalies and malware in applications.
A community-maintained archive of CTF write-ups and source files from cybersecurity competitions held in 2013.
CTF Writeups are detailed educational documents that explain the step-by-step solutions to Capture The Flag cybersecurity challenges, serving as learning resources for security professionals.
Utilizing SIEM, SOAR, and EDR technologies to enhance security operations with a focus on reducing incident response time.
PINNED
A cybersecurity platform that offers vulnerability scanning, Windows Defender and 3rd party AV management, and MFA compliance reporting, among other features.
Proton Pass is a cross-platform password manager that provides encrypted storage, password generation, and security monitoring features with integrated 2FA and dark web monitoring capabilities.
NordVPN is a commercial VPN service that encrypts internet connections and hides IP addresses through a global network of servers, featuring integrated threat protection and multi-device support.
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.