Lateral Movement

30.04.2024 · dadevel

Tactic TA0008: The adversary is trying to move through your environment.

Lateral movement techniques (source)

If you know a user's ... (source)

  • AES key -> Pass the Key
  • NT hash -> Pass the Hash for NTLM authentication or Overpass the Hash for Kerberos authentication
  • TGT -> Pass the Ticket
  • ST -> Pass the Ticket
  • private key -> PKINIT for Kerberos authentication, optionally followed by UnPAC the Hash for NTLM authentication

Windows authentication (source):

  • local or domain account
  • interactive or network / non-interactive authentication, see Logon Types
  • local access managed with access tokens, remote access managed with logon sessions

Untested tools: