Chapter 7

Lateral movement is a technique used by cyber attackers to navigate through a network after initial access to find sensitive data. Key steps include external and internal reconnaissance, initial infiltration, credential theft, and various techniques such as token stealing and logon scripts. Detection methods involve alert fatigue management, network visibility enhancement, and proactive threat hunting, while prevention practices include implementing least privilege, whitelisting, EDR security, password management, and multi-factor authentication.

ETHICAL HACKING

PERFORMING LATERAL MOVEMENT

INTRODUCTION

• Lateral movement is a means to an end: a technique used to identify, gain access to, and exfiltrate sensitive data.

DEFINITION OF LATERAL MOVEMENT

Lateral movement refers to the techniques that a cyber attacker uses, after gaining initial access, to move deeper into a network in search of sensitive data and other high-value assets.

LATERAL MOVEMENT PROCEDURE STEPS

Lateral movement can be divided into these five steps:

• External reconnaissance
• Internal reconnaissance
• Initial infiltration
• Stealing credentials
LATERAL MOVEMENT TECHNIQUES

“Lateral movement” is a technique used by cybercriminals to systematically move through a network in search of data. The various techniques are listed:

• Token stealing
• Stolen credentials
• Logon scripts
TOKEN STEALING

• This is a newer technique that hackers have been reported to be using for lateral movement once they get into a network.
• It can be performed without detection, often with the use of PowerShell.

STOLEN CREDENTIALS

• Stolen credentials are even more common than token stealing.
• While organizations have responded to the attack environment by investing in anti-malware capabilities, attackers have shifted their focus somewhat toward the fundamental actions within environments.

LOGON SCRIPTS

• Windows runs logon scripts whenever users log into a computer system.
• These scripts can execute other programs, perform administrative functions, and send information to logon servers on the network.
• If attackers can modify these scripts, they can insert their own code to maintain persistence on the compromised system.

HOW TO DETECT LATERAL MOVEMENT

The various techniques to detect lateral movement are listed:

• Alert fatigue
• Network visibility of the attack
• Threat hunting
ALERT FATIGUE

The overabundance of security alerts and false positives is an unfortunate reality, causing overworked and undertrained analysts to become desensitized to the types of alerts triggered by lateral movement attacks, such as policy violations.

NETWORK VISIBILITY OF THE ATTACK

• Network-based characteristics observed during a lateral movement attack can help identify one as it happens.
• Packet analysis tools can help identify these network characteristics, which then help security analysts answer questions about a network: which devices are communicating, how they are identified, where they are located, and when real communication happens.
THREAT HUNTING

Threat hunting is an important part of detecting lateral movement, as it empowers security analysts to proactively investigate network activity to identify anomalies that other detection methods don’t catch.

PRACTICES TO PREVENT LATERAL MOVEMENT

There are several practices to prevent and protect against lateral movement:

• Least privilege
• Whitelisting
• EDR security
• Password management
• Multi-factor authentication
THANK YOU!

CONTACT US!
Phone:
+91 – 72597-87316
Email:
SUPPORT@ETHICALBYTE.IN
