Pivoting & Tunneling

Pivoting lets you reach network segments that are not directly accessible from your attacker machine by routing traffic through a compromised host. Choose the tool based on what you can run on the pivot and what the target network allows.

Attacker  ← tunnel →  Pivot host  ← LAN →  Internal targets

Ligolo-ng

Reverse TUN-based tunnel: full IP routing through a compromised host, transparent to tools

Chisel

HTTP-tunnelled SOCKS5 and port forwarding; works through restrictive firewalls

Proxychains

Route arbitrary tool traffic through a SOCKS proxy; pairs with Ligolo and Chisel

Choosing a Tool

Scenario	Use
Full subnet access needed, can drop a binary	Ligolo-ng
Only HTTP/HTTPS egress from the pivot	Chisel
Need to route a specific tool through an existing SOCKS proxy	Proxychains
SSH available on the pivot host	SSH local/remote/dynamic port forwarding

Windows Post Exploitation Ligolo-ng

⌘I

Ligolo-ng

Chisel

Proxychains

​Choosing a Tool

Choosing a Tool