WINDOWS MOVEMENT

PRIMARY CATEGORY → WINDOWS PENTESTING

Components ⟡

• 
  • CREDENTIALS
• 
  • NTLM
• 
  • KERBEROS
• 
  • DACL ABUSE
• 
  • MITM - COERCION
• 
  • ADCS
• 
  • SCHANNEL

---

Protection Mechanisms

Credentials and Processes

• 
  • UAC
• 
  • LSA PROTECTION
• 
  • CREDENTIAL GUARD

---

Lateral Movement Mitigations

Policies and Directives

• 
  • UAC RESTRICTIONS
• 
  • ADMIN APPROVAL MODE
• 
  • RESTRICTED ADMIN MODE

---

Windows Authentication Process

Reference I    •    Reference II

Interactive Logon

Logon Type 2 (Interactive)

Logon Type 10 (RemoteInteractive)

SSO

Zoom In

Zoom In

Non-Interactive Logon

Logon Type 3 (Network)

SSPI (Security Support Provider Interface) + SSP

Credentials are not stored on the Target Server

There are exceptions such as RDP with CredSSP or Kerberos Delegations