WinRM


The compromised tracy.white user has been added to the Remote Access group by abusing the GenericAll privilege. The Remote Access group is a member of the Remote Management Users group, which allows direct WinRM access to the nara.nara-security.com (192.168.209.30) host.

Initial foothold established on the nara.nara-security.com (192.168.209.30) host as the tracy.white user via WinRM.
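
From the defender's side, the group change described above is visible as a "member added to security-enabled group" event, and it only looks dangerous once the nesting is resolved. The following is an added example, not part of the original write-up: it flags additions that transitively confer Remote Management Users membership. The event records, the nesting map, the `Helpdesk` group and the actor name are constructed for illustration.

```python
# Event IDs for "a member was added to a security-enabled group"
# (4728 = global, 4732 = local, 4756 = universal).
GROUP_ADD_EVENT_IDS = {4728, 4732, 4756}
SENSITIVE_GROUP = "Remote Management Users"

# Constructed nesting map (group -> groups it is a member of), mirroring the
# relationship described above: Remote Access is in Remote Management Users.
NESTING = {"Remote Access": ["Remote Management Users"]}

# Constructed, simplified records. Field names follow the Security log
# (TargetUserName = group, MemberName = added account, SubjectUserName = actor);
# real events carry the member as a distinguished name and SID.
SAMPLE_EVENTS = [
    {"EventID": 4728, "TargetUserName": "Remote Access",
     "MemberName": "tracy.white", "SubjectUserName": "ACTOR_PLACEHOLDER"},
    {"EventID": 4728, "TargetUserName": "Helpdesk",
     "MemberName": "j.doe", "SubjectUserName": "ACTOR_PLACEHOLDER"},
    {"EventID": 4624, "TargetUserName": "tracy.white"},  # logon, ignored
]


def ancestors(group, nesting):
    """Return every group that `group` is transitively a member of."""
    seen, stack = set(), [group]
    while stack:
        for parent in nesting.get(stack.pop(), []):
            if parent not in seen:  # guards against nesting cycles
                seen.add(parent)
                stack.append(parent)
    return seen


def flag_winrm_grants(events, nesting, sensitive=SENSITIVE_GROUP):
    """Return one alert per group addition that confers `sensitive` membership."""
    alerts = []
    for ev in events:
        if ev.get("EventID") not in GROUP_ADD_EVENT_IDS:
            continue
        group = ev["TargetUserName"]
        if group == sensitive or sensitive in ancestors(group, nesting):
            alerts.append({"member": ev["MemberName"], "via": group,
                           "actor": ev.get("SubjectUserName"),
                           "direct": group == sensitive})
    return alerts


if __name__ == "__main__":
    for alert in flag_winrm_grants(SAMPLE_EVENTS, NESTING):
        print(alert)
```

In practice the nesting map would be built from a directory export, and alerts where `direct` is false are the ones a flat watch on Remote Management Users alone would miss.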