# Lateral Movement

* [WinRM for Lateral Movement](https://hamcodes.gitbook.io/hackersnotes/offensive-security/lateral-movement/winrm-for-lateral-movement)
* [WinRS for Lateral Movement](https://hamcodes.gitbook.io/hackersnotes/offensive-security/lateral-movement/winrs-for-lateral-movement)
* [WMI for Lateral Movement](https://hamcodes.gitbook.io/hackersnotes/offensive-security/lateral-movement/wmi-for-lateral-movement)
* [RDP Hijacking for Lateral Movement with tscon](https://hamcodes.gitbook.io/hackersnotes/offensive-security/lateral-movement/rdp-hijacking-for-lateral-movement-with-tscon)
* [Shared Webroot](https://hamcodes.gitbook.io/hackersnotes/offensive-security/lateral-movement/shared-webroot)
* [Lateral Movement via DCOM](https://hamcodes.gitbook.io/hackersnotes/offensive-security/lateral-movement/lateral-movement-via-dcom)
* [WMI + MSI Lateral Movement](https://hamcodes.gitbook.io/hackersnotes/offensive-security/lateral-movement/wmi-for-lateral-movement)
* [Lateral Movement via Service Configuration Manager](https://hamcodes.gitbook.io/hackersnotes/offensive-security/lateral-movement/lateral-movement-via-service-configuration-manager)
* [Lateral Movement via SMB Relaying](https://hamcodes.gitbook.io/hackersnotes/offensive-security/lateral-movement/lateral-movement-via-smb-relaying)
* [WMI + NewScheduledTaskAction Lateral Movement](https://hamcodes.gitbook.io/hackersnotes/offensive-security/lateral-movement/wmi-+-newscheduledtaskaction-lateral-movement)
* [WMI + PowerShell Desired State Configuration Lateral Movement](https://hamcodes.gitbook.io/hackersnotes/offensive-security/lateral-movement/wmi-+-powershell-desired-state-configuration-lateral-movement)
* [Simple TCP Relaying with NetCat](https://hamcodes.gitbook.io/hackersnotes/offensive-security/lateral-movement/simple-tcp-relaying-with-netcat)
* [Empire Shells with NetNLTMv2 Relaying](https://hamcodes.gitbook.io/hackersnotes/offensive-security/lateral-movement/empire-shells-with-netnltmv2-relaying)
* [Lateral Movement with Psexec](https://hamcodes.gitbook.io/hackersnotes/offensive-security/lateral-movement/lateral-movement-with-psexec)
* [From Beacon to Interactive RDP Session](https://hamcodes.gitbook.io/hackersnotes/offensive-security/lateral-movement/from-beacon-to-interactive-rdp-session)
* [SSH Tunnelling / Port Forwarding](https://hamcodes.gitbook.io/hackersnotes/offensive-security/lateral-movement/ssh-tunnelling-port-forwarding)
* [Lateral Movement via WMI Event Subscription](https://hamcodes.gitbook.io/hackersnotes/offensive-security/lateral-movement/lateral-movement-via-wmi-event-subscription)
* [Lateral Movement via DLL Hijacking](https://hamcodes.gitbook.io/hackersnotes/offensive-security/lateral-movement/lateral-movement-via-dll-hijacking)
* [Lateral Movement over headless RDP with SharpRDP](https://hamcodes.gitbook.io/hackersnotes/offensive-security/lateral-movement/lateral-movement-over-headless-rdp-with-sharprdp)
* [Man-in-the-Browser via Chrome Extension](https://hamcodes.gitbook.io/hackersnotes/offensive-security/lateral-movement/man-in-the-browser-via-chrome-extension)
* [ShadowMove: Lateral Movement by Duplicating Existing Sockets](https://hamcodes.gitbook.io/hackersnotes/offensive-security/lateral-movement/shadowmove-lateral-movement-by-duplicating-existing-sockets)
* [Previous: Credentials Collection via CredUIPromptForCredentials](https://www.ired.team/offensive-security/credential-access-and-credential-dumping/credentials-collection-via-creduipromptforcredentials)
* [Next: WinRM for Lateral Movement](https://hamcodes.gitbook.io/hackersnotes/offensive-security/lateral-movement/winrm-for-lateral-movement)