D9 · PenTest+

What are lateral movement techniques?

Lateral movement: Pass-the-Hash (use NTLM hash to authenticate), Pass-the-Ticket (use Kerberos ticket), WMI/WinRM exec, PsExec (SMB-based remote exec), RDP, SSH, Impacket toolkit.
Impacket (Python) provides psexec.py, wmiexec.py, smbexec.py and secretsdump.py, making it an essential pen test toolkit for Windows lateral movement.
Defense: Credential Guard, disable WMI/WinRM where not needed, SMB signing, EDR behavioral detection, network segmentation.