PsExec.exe will spawn an Administrator cmd.exe

PsExec will spawn an Administrator cmd.exe via the PsExeSvc.exe process running as a service

PsExec will spawn a SYSTEM cmd.exe via the PsExeSvc.exe process running as a service

PsExec.exe will spawn a SYSTEM cmd.exe

System Service Discovery

Masquerading

Steal or Forge Kerberos Tickets

Forced Authentication

Unquoted Service File Paths

Weak Service Permissions

SUID Executables

Find command Vulnerability

Credential Dumping with Impacket's Wmiexec.py

Credential Dumping with Mimikatz

Privilege Escalation with Impacket's Wmiexec.py

Credential Dumping with Impacket's Psexec.py

Launch an attack on a server sending 80 separate packets in a short period of time

Identify if a server is running a service using port 80 and is reachable

Use Netcat to remotely administer the server

Use Netcat to start an RDP session on the server

The same path as the executable

The system directory

The directories that are listed in the PATH environment variable

The Windows directory

Network-based

Signature-based

Heuristic-based

Anomaly-based

RDP Hijacking

Kerberoasting

NTLM Hash Dump

DNS Poisoning