Lateral Movement (9 techniques)
Pivoting through an environment to reach additional systems.
The Lateral Movement tactic groups the MITRE ATT&CK techniques adversaries use to pivot through an environment and reach additional systems. Each technique below has its own page with detection guidance, platforms, and sub-techniques.
- T1021 — Remote Services (platforms: Linux, macOS, Windows, IaaS, ESXi)
- T1072 — Software Deployment Tools (platforms: Linux, macOS, Network Devices, SaaS, Windows)
- T1080 — Taint Shared Content (platforms: Windows, SaaS, Linux, macOS, Office Suite)
- T1091 — Replication Through Removable Media (platforms: Windows)
- T1210 — Exploitation of Remote Services (platforms: Linux, Windows, macOS, ESXi)
- T1534 — Internal Spearphishing (platforms: Linux, macOS, Office Suite, SaaS, Windows)
- T1550 — Use Alternate Authentication Material (platforms: Containers, IaaS, Identity Provider, Linux, Office Suite, SaaS, Windows)
- T1563 — Remote Service Session Hijacking (platforms: Linux, macOS, Windows)
- T1570 — Lateral Tool Transfer (platforms: ESXi, Linux, macOS, Windows)