Lateral Movement

What is Lateral Movement?

Lateral movement refers to that attacker’s untargeted, stealthy exploration and navigation around networks for high-value assets after gaining initial access. Lateral Movement is an attack tactic defined in the MITRE ATT&CK knowledge base.

Lateral movement refers to the techniques that a cyberattacker uses, after gaining initial access, to move deeper into a network in search of sensitive data and other high-value assets. After entering the network, the attacker maintains ongoing access by moving through the compromised environment and obtaining increased privileges using various tools.

Lateral movement is a key tactic that distinguishes today’s advanced persistent threats (APTs) from simplistic cyberattacks of the past.

Source: CrowdStrike


Pivoting is the attack that moves from a comprised host (aka plant or foothold) to another to expand control or pillage a particular resource; it can be a targeted or untargeted attack. The term pivoting is commonly used by penetration testers who use the Metasploit Framework.


The term pillage seems to be coined or introduced by Steve Anson at SANS. I interpret it literally. The purpose of pivoting is “either to expand control or pillage a particular resource.” (Steven Anson)

Whether performed by an insider threat, or by an external threat that’s managed to get a foothold inside, the next step in the dance is usually the pivot: moving from one host to another either to expand control or pillage a particular resource. In this talk we will look at some of the more commonly encountered pivot techniques to help you understand, detect and deter malicious, lateral movement within your network.

Source: ForwardDefense


Leave a Reply