Lateral movement
Jul 14th, 2017 by Jesper Kråkhede
If you are a pentester you are perfectly aware of lateral movement, but if you are a bit further away from the technology you will probably stop reading right here. I would advise you to continue.
What is lateral movement? It is the process of getting access to one computer, capturing the credentials that are cached on it (in memory or on disk: password hashes, tokens of logged-on users, stored service account passwords) and using those to move to the next computer in the network, collecting the next set of credentials, and continuing until you find a workstation that a domain admin has logged into.
And that is where the attacker strikes gold: with those credentials it is possible to take control of Active Directory, and with that take full control of everything in the organization.
So, is lateral movement a problem? Yes. If you have not implemented a Tier model it is a problem because sooner or later (often sooner) the attacker will find the workstation where a domain administrator logs in. It is still a problem if you have implemented the Tier model and PAWs (Privileged Access Workstations), but at least the keys to the kingdom are safe (for now). If you have also followed best practice for how clients access applications and how domain accounts are used, lateral movement becomes a lesser problem, and the most common hop, reusing one machine's local administrator hash or password against the next machine, can be blocked rather easily with a few group policies: assign the user right 'Deny access to this computer from the network' (and 'Deny log on through Remote Desktop Services') to the well-known group 'Local account and member of Administrators group' (SID S-1-5-114), so that local administrators can only log on interactively at the console.
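The group policy setting above, as an added example that is not part of the original post: a PowerShell script that applies the two deny rights to a single machine's local security policy with secedit and then reads the policy back to verify them. In production you set the same rights in a GPO (Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > User Rights Assignment); the local version lets you test the effect on a lab VM first. It assumes an elevated PowerShell prompt on Windows 8.1 / Server 2012 R2 or later (or an older OS with KB2871997, which introduced the S-1-5-114 SID). The function names are this example's own.

```powershell
# Added example, not code from the original post. Assumptions: elevated PowerShell on
# Windows 8.1 / Server 2012 R2 or later (or older with KB2871997); secedit.exe available.

$LocalAdminsSid = 'S-1-5-114'   # NT AUTHORITY\Local account and member of Administrators group

$RightsToDeny = @(
    'SeDenyNetworkLogonRight',            # "Deny access to this computer from the network"
    'SeDenyRemoteInteractiveLogonRight'   # "Deny log on through Remote Desktop Services"
)

function Get-UserRights {
    # Export the current local policy and return a hashtable: privilege constant -> array of entries.
    # secedit writes SIDs with a leading '*' (e.g. *S-1-5-114) and separates entries with commas.
    $cfg = Join-Path $env:TEMP 'userrights-export.inf'
    secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
    $rights = @{}
    foreach ($line in Get-Content -Path $cfg) {
        if ($line -match '^\s*(Se\w+)\s*=\s*(.*)$') {
            $entries = $matches[2] -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ }
            $rights[$matches[1]] = @($entries)
        }
    }
    Remove-Item -Path $cfg -Force -ErrorAction SilentlyContinue
    return $rights
}

function Set-DenyLocalAdminRemoteLogon {
    # Build a security template that keeps whatever is already assigned to each right and
    # adds *S-1-5-114, then import it. secedit replaces the whole right on import, so
    # merging with the current export matters; otherwise existing deny entries would be lost.
    $current = Get-UserRights
    $lines = foreach ($right in $RightsToDeny) {
        $entries = @(@($current[$right]) | Where-Object { $_ })
        if ($entries -notcontains "*$LocalAdminsSid") { $entries += "*$LocalAdminsSid" }
        '{0} = {1}' -f $right, ($entries -join ',')
    }
    # Single-quoted here-string so "$CHICAGO$" is written literally, not expanded.
    $template = @'
[Unicode]
Unicode=yes
[Version]
signature="$CHICAGO$"
Revision=1
[Privilege Rights]
'@
    $cfg = Join-Path $env:TEMP 'userrights-deny.inf'
    $db  = Join-Path $env:TEMP 'userrights-deny.sdb'
    Set-Content -Path $cfg -Value ($template + "`r`n" + ($lines -join "`r`n")) -Encoding Unicode
    secedit /configure /db $db /cfg $cfg /areas USER_RIGHTS /quiet | Out-Null
    Remove-Item -Path $cfg, $db -Force -ErrorAction SilentlyContinue
}

function Test-DenyLocalAdminRemoteLogon {
    # Read the policy back and report, per right, whether S-1-5-114 is in the deny list.
    $current = Get-UserRights
    foreach ($right in $RightsToDeny) {
        [pscustomobject]@{
            Right  = $right
            Denied = (@($current[$right]) -contains "*$LocalAdminsSid")
        }
    }
}

Set-DenyLocalAdminRemoteLogon
Test-DenyLocalAdminRemoteLogon | Format-Table -AutoSize
```

Two caveats before rolling this out through a GPO. S-1-5-114 covers every local administrator account on the machine, including one managed by LAPS, so remote administration afterwards has to go through domain accounts from the correct tier; if that is not yet in place the policy will lock out your own helpdesk before it locks out the attacker. And these deny rights only stop the local-account hop; a domain account with local admin rights on many machines moves just as freely as before, which is exactly the problem the Tier model exists to solve.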