SSH Tunnelling to Punch Through Corporate Firewalls – Updated take on one of the oldest LOLBINs

Free
10 September 2025

This write-up discusses advanced SSH tunneling techniques for network penetration testing and red team engagements. It focuses on using the native OpenSSH client in Windows 10/11 to create reverse dynamic SOCKS proxies, allowing testers to access internal networks and run offensive tools remotely.

The guide covers:

1. Using the -R flag for reverse dynamic proxies
2. Techniques to bypass corporate firewalls, including using Azure domains and ASN IP ranges
3. Methods for payload delivery and data exfiltration using SCP
4. OpSec-safe PowerShell script execution through SSH

The write-up also includes recommendations for defenders, such as removing the SSH client from non-technical staff endpoints, securing corporate firewall settings, and monitoring for SSH binary execution.

SIMILAR TOOLS

A collaborative repository of CTF write-ups and source files from 2014 competitions that allows community contributions to address scattered documentation issues.

A tool for testing and analyzing RFID and NFC tags, allowing users to read and write data, and perform various attacks and tests.

A centralized repository containing CTF source files and write-ups from 2015 competitions, providing accessible documentation and solutions for cybersecurity challenges.

A comprehensive cheat sheet for using JtR (John the Ripper), a password cracking tool.

A collection of CTF writeups from various competitions including picoCTF, GLUG, TUCTF, and HackTheBox challenges, providing detailed solutions and explanations for cybersecurity competition problems.

A behavior-based malware detection system for Android platforms that uses crowdsourcing to detect anomalies and malware in applications.

A community-maintained archive of CTF write-ups and source files from cybersecurity competitions held in 2013.

CTF Writeups are detailed educational documents that explain the step-by-step solutions to Capture The Flag cybersecurity challenges, serving as learning resources for security professionals.

Utilizing SIEM, SOAR, and EDR technologies to enhance security operations with a focus on reducing incident response time.
