I'm in the process of starting a new video series on network pivoting.

This is something enough people have told me that they struggled with. It's been fun putting the lab together and I'm excited to get more videos out.

Here's a sneak peek: 1/

I have three scenarios setup, and we'll be going through how to deal with each one.

The goal is to pivot through a compromised host that has VPN access to a protected network. 2/

The first scenario is where the attacker and compromised server are on the same local network. To keep things easy, the server is running SSH.

This is the easiest place to use dynamic tunneling. 3/

The second scenario is a little trickier.

The server is on a separate network, but we have RCE and a connect-back shell.

From here, we can do reverse tunneling. 4/

Finally, the third scenario will use a jump host to connect to an RDP server.

This is the only time in my career I've really needed to use a local tunnel instead of a dynamic tunnel. You'll see why later. 5/

So that's what I'm working on.

If you can think of more scenarios or even other places to use local tunneling, let me know. I'd love to hear from you. 6/fin