Remote Desktop Protocol (RDP) (T1021.001)

Windows Admin Shares(T1021.002)

PsExec (Sysinternals tool)(S0029)

PowerShell remoting(T1021.006)

Understanding Lateral Movement

Lateral movement is a critical phase in an attack where adversaries transition from an initially compromised system to other systems within the network. This enables them to escalate privileges, access sensitive information, and expand their foothold throughout an organization. Attackers employ various techniques to achieve lateral movement, such as:

• Exploiting Remote Desktop Protocol (RDP)
• Using Windows Admin Shares (SMB)
• Leveraging Windows Remote Management (WinRM)
• Executing Remote WMI Commands
• Employing Pass-the-Hash and Pass-the-Ticket techniques
• Utilizing Remote PowerShell Execution

"Each of these techniques is discussed in detail on the pages above."