10. Lateral Movement
Lateral Movement (TA0008)
Lateral Movement consists of techniques that adversaries use to enter and control remote systems on a network. Following their initial access, adversaries use lateral movement to explore the network to find their target data.
Strategy
- Living off the Land: Use psexec, ssh, wmic rather than custom malware.
- Credentials: You need valid credentials (hash or ticket) to move.
- Pivoting: Tunnelling traffic through compromised hosts to reach segmented networks.
Section Contents
- Lateral Tool Transfer: Moving tools and payloads between compromised systems.
- Remote Services: Using valid credentials to access remote systems via SMB, RDP, WinRM, and SSH.
- Taint Shared Content: Compromising content on shared drives (watering holes) to move laterally.
- Use Alternate Authentication Material: Authenticating to remote systems using hashes or tickets instead of plaintext passwords.