
Breach Simulation using SliverC2

Breach Simulation: Lateral Movement using Sliver C2

This was designed to be tested against a certain security product. I focused on the post-exploitation flow using Sliver C2 to demonstrate how initial access can be expanded into internal lateral movement inside a segmented environment. All testing was conducted in an Active Directory test environment built especially for this.


Command & Control

After the initial payload execution, the compromised host established a reverse TCP connection back to my external C2 server. From there, we have an interactive session and full control over the endpoint.


Credential Access

Once I had a stable session, I moved into credential harvesting. I used Mimikatz to extract NTLM hashes and Kerberos tickets directly from LSASS.


Pivoting via Tunnel

To reach internal systems that were not directly exposed, I set up a Chisel tunnel from my attack machine.

Server was running externally

On the compromised host (socenv), I ran the Chisel client to create a reverse SOCKS5 tunnel back through the C2 channel. This effectively places my tooling inside the internal network.


Internal Reconnaissance

Through the tunnel, I ran internal discovery using netexec. The focus was on identifying live hosts, open SMB services, and reachable systems across the subnet.

Mapping potential lateral movement targets, going further into the network.
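
From the defender's side, the discovery described above appears as one internal host opening SMB connections to many distinct peers within a short window. The following is an added example, not part of the original write-up, that flags that pattern in flow records; the records, the 10.2.13.50 source address, the threshold and the window are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

T0 = datetime(2024, 1, 1, 12, 0, 0)  # constructed timestamp
# Constructed flow records: (timestamp, source IP, destination IP, destination port).
FLOWS = (
    # Sweep: one source touches 14 hosts (.201 to .214) in 14 seconds.
    [(T0 + timedelta(seconds=i), "10.2.13.50", f"10.2.13.{201 + i}", 445) for i in range(14)]
    # Ordinary client: repeated sessions to a single file server.
    + [(T0 + timedelta(seconds=5 * i), "10.2.13.77", "10.2.13.10", 445) for i in range(20)]
    # Admin workstation: 12 hosts, but spread over 12 hours.
    + [(T0 + timedelta(hours=i), "10.2.13.90", f"10.2.13.{100 + i}", 445) for i in range(12)]
)

def smb_fanout(flows, window=timedelta(seconds=60), threshold=10, port=445):
    """Return {source: peak count of distinct destinations on `port` inside any
    sliding `window`} for every source whose peak reaches `threshold`."""
    by_src = defaultdict(list)
    for ts, src, dst, dport in flows:
        if dport == port:
            by_src[src].append((ts, dst))
    alerts = {}
    for src, events in by_src.items():
        events.sort()
        start, peak = 0, 0
        in_window = defaultdict(int)  # destination -> connections inside the window
        for ts, dst in events:
            in_window[dst] += 1
            # Drop connections that have aged out of the window.
            while ts - events[start][0] > window:
                old = events[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            peak = max(peak, len(in_window))
        if peak >= threshold:
            alerts[src] = peak
    return alerts

if __name__ == "__main__":
    for src, peak in smb_fanout(FLOWS).items():
        print(f"SMB fan-out: {src} reached {peak} distinct hosts within 60s")
```

The sliding window is what separates the sweep from the admin workstation, which reaches a similar number of hosts but never more than one per minute.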


Lateral Movement

With valid domain credentials already extracted, I targeted an internal system at 10.2.13.214.

Using netexec, I authenticated over SMB and executed a remote command to verify access before deploying the payload.

From there, I delivered the backdoor using a PowerShell download-and-execute.


Second Foothold

The payload executed successfully on 10.2.13.214, and a new C2 session was established.

At this point, we have a second independent foothold inside the network, separate from the initial host.


Credential Expansion

On the newly compromised machine, I repeated credential extraction using Mimikatz.


Successful lateral propagation across the environment.