APPENDIX DLateral Movement
Lateral movement consists of techniques that adversaries use to enter and control remote systems on a network. Following through on their primary objective often requires exploring the network to find their target and subsequently gaining access to it. Reaching their objective often involves pivoting through multiple systems and accounts. Adversaries might install their own remote access tools to accomplish lateral movement or use legitimate credentials with native network and operating system tools, which may be stealthier.
| ID | NAME | DESCRIPTION |
|---|---|---|
| T1210 | Exploitation of Remote Services | Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network. Exploitation of a software vulnerability occurs when an adversary takes advantage of a programming error in a program, service, or within the operating system software or kernel itself to execute adversary-controlled code. A common goal for post-compromise exploitation of remote services is for lateral movement to enable access to a remote system. |
| T1534 | Internal Spear Phishing | Adversaries may use internal spear phishing to gain access to additional information or exploit other users within the same organization after they already have access to accounts or systems within the environment. Internal spear phishing is a multi-staged attack where an email account is owned either by controlling the user's device with previously installed malware or by compromising ... |
Get Threat Hunting in the Cloud now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
