Network Penetration Testing - Post-Connection Attacks

Gaining access to a system or network is not the end of scanning and exploitation. Once you've gained entry to a secure environment, such as that of a target organization, you'll need to divide and conquer other internal systems. The techniques involved in internal scanning are, however, similar to those covered in earlier chapters (Chapter 6, Active Information Gathering). This chapter introduces new techniques for scanning, exploitation, privilege escalation, and lateral movement on a network. You will also learn how to perform Man-in-the-Middle (MITM) attacks using various techniques and tools, and see how to gather sensitive information such as users' credentials.

In this chapter, we will be covering the following topics:

  • Gathering information
  • MITM attacks
  • Session hijacking
  • Dynamic Host Configuration Protocol (DHCP) attacks
  • Exploiting LLMNR and NetBIOS-NS
  • Web Proxy Auto-Discovery (WPAD) protocol attacks
  • Wireshark
  • Elevating privileges
  • Lateral movement tactics
  • PowerShell tradecraft
  • Launching a VLAN hopping attack
