Pivoting is the practice of using a compromised instance, also called a ‘foothold’ or ‘plant’, to move around within the compromised network. It involves reaching networks that you would normally not have access to by going through the compromised computers.
The pivoting technique assumes the threat actor has already compromised an inside host and wants to expand their access further into the network. An example is a threat actor who has gained access to the administrator password on a compromised host and is attempting to log in to another host using the same credentials.
The first compromise permits, and even helps, the compromise of other systems that are otherwise not directly accessible. In essence, pivoting makes non-routable traffic routable. Through pivoting, an attacker can configure their working environment so that their tools behave as if the attacker were operating from the organization’s local network.
This technique makes defending a network much more difficult, since a single unsecured computer can offer an entry point from which to pivot to other sections of the network.
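On the detection side, the administrator-password example above leaves a recognizable trace: one internal host trying the same account against several other hosts in a short time. The following sketch is an added example, not part of the original article; the log format, host names and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: timestamp, source host, destination host, account, result
SAMPLE_LOG = """\
2024-05-01T09:00:05 ws-017 fs-01 administrator success
2024-05-01T09:00:40 ws-017 db-02 administrator success
2024-05-01T09:01:10 ws-017 hr-03 administrator failure
2024-05-01T09:01:55 ws-017 dc-01 administrator success
2024-05-01T09:02:00 ws-044 fs-01 jsmith success
2024-05-01T13:30:00 jump-01 fs-01 administrator success
2024-05-01T15:45:00 jump-01 db-02 administrator success
"""

def parse(log_text):
    """Yield (time, src, dst, account, result) tuples from the log text."""
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, account, result = line.split()
        yield datetime.fromisoformat(ts), src, dst, account, result

def find_fanout(log_text, min_hosts=3, window=timedelta(minutes=10)):
    """Return alerts for (src, account) pairs that attempt logins to at least
    min_hosts distinct destinations within one sliding time window."""
    events = defaultdict(list)
    for ts, src, dst, account, _result in parse(log_text):
        events[(src, account)].append((ts, dst))  # failed attempts count too
    alerts = []
    for (src, account), items in sorted(events.items()):
        items.sort()
        start = 0
        for end in range(len(items)):
            # Drop events from the left until the span fits inside the window
            while items[end][0] - items[start][0] > window:
                start += 1
            hosts = {dst for _, dst in items[start:end + 1]}
            if len(hosts) >= min_hosts:
                alerts.append({"source": src, "account": account,
                               "hosts": sorted(hosts),
                               "first_seen": items[start][0].isoformat()})
                break  # one alert per (src, account) pair is enough
    return alerts

if __name__ == "__main__":
    for alert in find_fanout(SAMPLE_LOG):
        print(alert)
```

The threshold and window need tuning per environment, since management and jump hosts legitimately log in to many machines and should be baselined rather than alerted on blindly.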
What Are the Different Types of Pivoting?
Pivoting can be grouped into two types – proxy pivoting and VPN pivoting.
Proxy Pivoting
Proxy pivoting commonly describes the process of diverting traffic through a compromised target by using a proxy payload on that machine and launching attacks from it. This type of pivoting is limited to certain TCP and UDP ports that are supported by the proxy.
VPN Pivoting
VPN pivoting allows the attacker to create an encrypted layer to tunnel into the compromised machine and route any network traffic through it, for example to run a vulnerability assessment on the internal network through the compromised machine. This effectively gives the attacker complete network access, as though they were behind the firewall.
This Article Was Written & published by Meena R, Senior Manager - IT, at Luminis Consulting Services Pvt. Ltd, India.
Over the past 16 years, Meena has built a following of IT professionals, particularly in Cybersecurity, Cisco Technologies, and Networking...