← Back to search

Responder in compromised host context

ad privescwindowschecklist

Summary

A writable share may enable hash capture.

Walkthrough

Consider capturing authentication from the compromised host's network position, e.g. via a writable share that coerces other systems to authenticate. A hit is a captured NetNTLM hash to crack or relay.