The attacker uses his access to move from system to system within the compromised environment. Common lateral movement methods include accessing network shares, using the Windows Task Scheduler to execute programs, using remote access tools such as PsExec, or using remote desktop clients such as Remote Desktop Protocol (RDP), DameWare, or Virtual Network Computing (VNC) to interact with target systems using a graphical user interface.

Matrix techniques

• WMI
• WinRM
• SSH HiJacking
• SMB
• Remote Desktop
• Exploit

References

• Attack Life Cycle