SSH Tunnelling to Punch Through Corporate Firewalls – Updated take on one of the oldest LOLBINs
This write-up discusses advanced SSH tunneling techniques for network penetration testing and red team engagements. It focuses on using the native OpenSSH client in Windows 10/11 to create reverse dynamic SOCKS proxies, allowing testers to access internal networks and run offensive tools remotely.

The guide covers:
1. Using the -R flag for reverse dynamic proxies
2. Techniques to bypass corporate firewalls, including using Azure domains and ASN IP ranges
3. Methods for payload delivery and data exfiltration using SCP
4. OpSec-safe PowerShell script execution through SSH

The write-up also includes recommendations for defenders, such as removing the SSH client from non-technical staff endpoints, securing corporate firewall settings, and monitoring for SSH binary execution.
SIMILAR TOOLS
A collaborative repository of CTF write-ups and source files from 2014 competitions that allows community contributions to address scattered documentation issues.
A tool for testing and analyzing RFID and NFC tags, allowing users to read and write data, and perform various attacks and tests.
A centralized repository containing CTF source files and write-ups from 2015 competitions, providing accessible documentation and solutions for cybersecurity challenges.
A comprehensive cheat sheet for using JtR (John the Ripper), a password cracking tool.
A collection of CTF writeups from various competitions including picoCTF, GLUG, TUCTF, and HackTheBox challenges, providing detailed solutions and explanations for cybersecurity competition problems.
A behavior-based malware detection system for Android platforms that uses crowdsourcing to detect anomalies and malware in applications.
A community-maintained archive of CTF write-ups and source files from cybersecurity competitions held in 2013.
CTF Writeups are detailed educational documents that explain the step-by-step solutions to Capture The Flag cybersecurity challenges, serving as learning resources for security professionals.
Utilizing SIEM, SOAR, and EDR technologies to enhance security operations with a focus on reducing incident response time.