Lateral Movement: Detection and defense in the corporate network
Lateral movement refers to the techniques attackers use to move through a network after gaining initial access in order to compromise additional systems. This article explains the most common techniques (Pass-the-Hash, Pass-the-Ticket, Kerberoasting, WMI/PSExec), detection strategies using Windows event logs and EDR, as well as defensive measures (Local Admin Password Solution (LAPS), Protected Users security group, SMB signing, and network segmentation).
Summary: Lateral movement describes an attacker’s propagation after gaining initial access: pass-the-hash, pass-the-ticket, kerberoasting, overpass-the-hash, golden/silver ticket, DCSync. MITRE ATT&CK: TA0008. Tools: BloodHound (path analysis), Impacket, CrackMapExec, Cobalt Strike. Countermeasures: Network segmentation, Credential Guard, Protected Users Group, LAPS, tiered model, Privileged Access Management (PAM).
Questions about this topic?
Our experts advise you free of charge and without obligation.
About the Author
M.Sc. Internet-Sicherheit (if(is), Westfälische Hochschule). COO und Prokurist mit Expertise in Informationssicherheitsberatung und Security Awareness. Nachwuchsprofessor für Cyber Security an der FOM Hochschule, CISO-Referent bei der isits AG und Promovend am Graduierteninstitut NRW.
11 Publikationen
- Understanding Regional Filter Lists: Efficacy and Impact (2025)
- Privacy from 5 PM to 6 AM: Tracking and Transparency Mechanisms in the HbbTV Ecosystem (2025)
- A Platform for Physiological and Behavioral Security (2025)
- Different Seas, Different Phishes - Large-Scale Analysis of Phishing Simulations Across Different Industries (2025)
- Exploring the Effects of Cybersecurity Awareness and Decision-Making Under Risk (2024)
- Sharing is Caring: Towards Analyzing Attack Surfaces on Shared Hosting Providers (2024)
- On the Similarity of Web Measurements Under Different Experimental Setups (2023)
- People, Processes, Technology - The Cybersecurity Triad (2023)
- Social Media Scraper im Einsatz (2021)
- Digital Risk Management (DRM) (2020)
- New Work - Die Herausforderungen eines modernen ISMS (2024)
