Lateral Movement

Understanding Lateral Movement in AD

Core Concept

Purpose: Move from one compromised system to another within an Active Directory environment to escalate privileges, access sensitive data, or reach target objectives.

Attack Flow:

Initial Compromise → Credential Extraction → Authentication to New Systems → Repeat Process
  • Extract credentials from compromised system

  • Use stolen authentication material to access other systems

  • Establish persistence and extract more credentials

  • Continue until objective is achieved

Requirements: Initial system compromise, extracted authentication material, network access to targets

Attack Value: Domain-wide access, privilege escalation, persistent access to sensitive systems
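As an added example (not part of the original page), the defender's view of the authenticate-and-repeat loop above: detection logic that runs over constructed Windows Security-log style records (Event ID 4624 successful logon with logon type 3, a network logon) and flags accounts that reach several distinct hosts within a short window. The account names, hosts, timestamps and thresholds are invented for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records in the shape of Windows Security Event ID 4624 / 4625 entries:
# (timestamp, event_id, account, source_ip, target_host, logon_type). Invented data.
SAMPLE_EVENTS = [
    ("2024-01-15T09:00:05", 4624, "CORP\\jsmith", "10.0.1.50", "WS-101", 3),
    ("2024-01-15T09:00:40", 4624, "CORP\\jsmith", "10.0.1.50", "WS-102", 3),
    ("2024-01-15T09:01:12", 4624, "CORP\\jsmith", "10.0.1.50", "FS-01", 3),
    ("2024-01-15T09:01:30", 4624, "CORP\\jsmith", "10.0.1.50", "SQL-01", 3),
    ("2024-01-15T09:02:00", 4624, "CORP\\jsmith", "10.0.1.50", "WS-101", 2),  # interactive, ignored
    ("2024-01-15T09:05:00", 4625, "CORP\\jsmith", "10.0.1.50", "DC-01", 3),   # failed logon, ignored
    ("2024-01-15T09:03:00", 4624, "CORP\\svc_backup", "10.0.9.9", "FS-01", 3),
    ("2024-01-15T10:30:00", 4624, "CORP\\svc_backup", "10.0.9.9", "FS-02", 3),  # 87 min later
]

def parse_events(rows):
    """Keep only successful network logons (4624, type 3): the events that show one
    identity being reused from host to host. Returns dicts sorted by time."""
    parsed = []
    for ts, event_id, account, src, host, logon_type in rows:
        if event_id != 4624 or logon_type != 3:
            continue
        parsed.append({"time": datetime.fromisoformat(ts), "account": account,
                       "src": src, "host": host})
    return sorted(parsed, key=lambda e: e["time"])

def detect_fan_out(rows, window_minutes=10, min_hosts=3):
    """Return {account: sorted distinct hosts} for every account that logs on to at
    least min_hosts different hosts inside any sliding window of window_minutes.
    A sliding window catches bursts that straddle fixed time buckets."""
    window = timedelta(minutes=window_minutes)
    by_account = defaultdict(list)
    for e in parse_events(rows):
        by_account[e["account"]].append(e)
    findings = {}
    for account, events in by_account.items():
        start = 0
        for end in range(len(events)):
            # slide the window start forward until the span fits within the window
            while events[end]["time"] - events[start]["time"] > window:
                start += 1
            hosts = {e["host"] for e in events[start:end + 1]}
            # remember the widest qualifying spread seen for this account
            if len(hosts) >= min_hosts and len(hosts) > len(findings.get(account, [])):
                findings[account] = sorted(hosts)
    return findings
```

Tune `window_minutes` and `min_hosts` against a baseline of normal administrative activity; service accounts that legitimately touch many hosts need an allowlist rather than a higher global threshold.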
