Exploring WinRM plugins for lateral movement
ID: 4996befc-142c-5341-b1a9-b0cee64e34a8
STIX ID: report--4996befc-142c-5341-b1a9-b0cee64e34a8
Feed Name: FalconForce
This report demonstrates a proof-of-concept technique for stealthy lateral movement on Windows: a custom WinRM plugin DLL is installed into System32, registered via a manifest, invoked through its Put method via COM (WSMan) from a Beacon Object File, and later uninstalled. The write-up includes full code for the DLL and the BOF, the operational steps for install, call and uninstall, and notes that Defender detected the technique during testing.
