5 Lateral Movement in Domain and Across Forests

After an adversary establishes a foothold in the environment and/or harvests valid credentials, the next step is usually lateral movement. Lateral movement is a set of techniques that allows an attacker to move deeper into the target environment and search for high-value assets and sensitive data, including new credentials.

We will start with a scenario in which an attacker obtained a clear-text password (e.g., successful password spray attack) and now tries to blend in with usual environment traffic by abusing administrative protocols. As a next step, we will discuss how to relay the hash and the prerequisites for this move to be successful. To perform lateral movement, the attacker does not only ...

Get Pentesting Active Directory and Windows-based Infrastructure now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Pentesting Active Directory and Windows-based Infrastructure by Denis Isakov

5

Lateral Movement in Domain and Across Forests

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly