From Zero to Lateral Movement in 36 Minutes
An attacker logged into my RDP Honeypot a few weeks ago and was able to dump credentials and move laterally in 36 minutes. I've been seeing more and more ProcDump and less and less mimikatz. The attacker attempted to run a couple executables to maintain persistence but these attempts failed. Advanced Scanner + ProcDump + PsExec + C2