What is lateral movement in cybersecurity?
D2 · Threats · CompTIA Security+ SY0-701

Lateral movement refers to the techniques attackers use to progressively move through a network after an initial compromise, accessing additional systems, data, and credentials to reach their ultimate objective.
Common lateral movement techniques: pass-the-hash, pass-the-ticket (Kerberos), remote services (RDP, SSH, SMB), WMI/PowerShell remoting, living-off-the-land using built-in tools.
Goal: elevate privileges, reach high-value targets (domain controller, database servers).
Network segmentation is the primary defense against lateral movement: an attacker who compromises one segment shouldn't be able to reach another. Zero trust (never trust, always verify) and micro-segmentation limit the blast radius. Monitor for unusual authentication events and SMB/RDP connections.