Lateral Movement
Once you have infiltrated a system within a domain, the next step is to move to other machines that are part of the domain and eventually to the Domain Controller itself. This process is called lateral movement. There are a number of ways in which lateral movement can be achieved, and each of these methods relies on some basic information that you should have gathered using the commands and tools mentioned in the previous two sections.
These are some of the methods for lateral movement:
Pass the hash - simply pass the hash in place of a password to log in to a system
Overpass the hash
Pass the ticket
Distributed Component Object Model
Golden Ticket
Domain Controller Sync
Windows Management Instrumentation
PowerShell Remoting