ShadowMove Pivot Technique
ShadowMove is a novel technique to hijack sockets from non-cooperative processes. It is described in the paper ShadowMove: A Stealthy Lateral Movement Strategy, presented at USENIX ’20. The technique takes advantage of the fact that AFD (Ancillary Function Driver) file handles are treated as socket handles by Windows APIs, so it is possible to duplicate them with WSADuplicateSocket().

https://adepts.of0x.cc/shadowmove-hijack-socket/

#shadowmove #hijacking #socket #redteam