Lateral Movement (9 techniques)
Pivoting through an environment to reach additional systems.
The Lateral Movement tactic groups MITRE ATT&CK techniques used by adversaries topivoting through an environment to reach additional systems. Each technique below has its own page with detection guidance, platforms, and sub-techniques.
- T1021 — Remote ServicesLinux, macOS, Windows, IaaS, ESXi
- T1072 — Software Deployment ToolsLinux, macOS, Network Devices, SaaS, Windows
- T1080 — Taint Shared ContentWindows, SaaS, Linux, macOS, Office Suite
- T1091 — Replication Through Removable MediaWindows
- T1210 — Exploitation of Remote ServicesLinux, Windows, macOS, ESXi
- T1534 — Internal SpearphishingLinux, macOS, Office Suite, SaaS, Windows
- T1550 — Use Alternate Authentication MaterialContainers, IaaS, Identity Provider, Linux, Office Suite, SaaS, Windows
- T1563 — Remote Service Session HijackingLinux, macOS, Windows
- T1570 — Lateral Tool TransferESXi, Linux, macOS, Windows
Detection engineering training, taught by practitioners.
Learn how to build real detections across the MITRE ATT&CK framework.
View Courses