IOC Details

ps tools lateral movement
OpenIOC 1.0
by John Lukach

sha1: 8e556f92c5b60380c3cb625ac99a3811f3adb954

short description: ps tools lateral movement

long description:

PsTools are a common resource used to manage remote systems. During execution of PsExec, PsFile, PsGetSid, PsInfo, PsKill, PsList, PsLoggedOn, PsLogList, PsPasswd, PsService, PsShutdown, and PsSuspend, the EULA software license agreement must be accepted. A registry entry is created, allowing you to determine which tools have been used on a specific machine. I used the RegRipper framework by Harlan Carvey to create a new plugin, which will be available at http://regripper.wordpress.com, to harvest these artifacts.