Remote Services
Remote Services (T1021) is a MITRE ATT&CK technique associated with Lateral Movement. Adversaries may use Valid Accounts to log into a service that accepts remote connections, such as telnet, SSH, and VNC.
ATT&CK tactic
23 techniques mapped to this tactic.
Remote Services (T1021) is a MITRE ATT&CK technique associated with Lateral Movement. Adversaries may use Valid Accounts to log into a service that accepts remote connections, such as telnet, SSH, and VNC.
Remote Desktop Protocol (T1021.001) is a MITRE ATT&CK technique associated with Lateral Movement. Adversaries may use Valid Accounts to log into a computer using the Remote Desktop Protocol (RDP).
SMB/Windows Admin Shares (T1021.002) is a MITRE ATT&CK technique associated with Lateral Movement. Adversaries may use Valid Accounts to interact with a remote network share using Server Message Block (SMB).
Distributed Component Object Model (T1021.003) is a MITRE ATT&CK technique associated with Lateral Movement. Adversaries may use Valid Accounts to interact with remote machines by taking advantage of Distributed Component Object Model (DCOM).
SSH (T1021.004) is a MITRE ATT&CK technique associated with Lateral Movement. Adversaries may use Valid Accounts to log into remote machines using Secure Shell (SSH).
VNC (T1021.005) is a MITRE ATT&CK technique associated with Lateral Movement. Adversaries may use Valid Accounts to remotely control machines using Virtual Network Computing (VNC).
Windows Remote Management (T1021.006) is a MITRE ATT&CK technique associated with Lateral Movement. Adversaries may use Valid Accounts to interact with remote systems using Windows Remote Management (WinRM).
Cloud Services (T1021.007) is a MITRE ATT&CK technique associated with Lateral Movement. Adversaries may log into accessible cloud services within a compromised environment using Valid Accounts that are synchronized with or federated to on-premises user identities.
Direct Cloud VM Connections (T1021.008) is a MITRE ATT&CK technique associated with Lateral Movement. Adversaries may leverage Valid Accounts to log directly into accessible cloud-hosted compute infrastructure through cloud-native methods.
Software Deployment Tools (T1072) is a MITRE ATT&CK technique associated with Execution, Lateral Movement. Adversaries may gain access to and use centralized software suites installed within an enterprise to execute commands and move laterally through the network.
Taint Shared Content (T1080) is a MITRE ATT&CK technique associated with Lateral Movement. Adversaries may deliver payloads to remote systems by adding content to shared storage locations, such as network drives or internal code repositories.
Replication Through Removable Media (T1091) is a MITRE ATT&CK technique associated with Lateral Movement, Initial Access. Adversaries may move onto systems, possibly those on disconnected or air-gapped networks, by copying malware to removable media and taking advantage of Au…
Exploitation of Remote Services (T1210) is a MITRE ATT&CK technique associated with Lateral Movement. Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
Internal Spearphishing (T1534) is a MITRE ATT&CK technique associated with Lateral Movement. After they already have access to accounts or systems within the environment, adversaries may use internal spearphishing to gain access to additional information or compromise other u…
Use Alternate Authentication Material (T1550) is a MITRE ATT&CK technique associated with Lateral Movement. Adversaries may use alternate authentication material, such as password hashes, Kerberos tickets, and application access tokens, in order to move laterally within an en…
Application Access Token (T1550.001) is a MITRE ATT&CK technique associated with Lateral Movement. Adversaries may use stolen application access tokens to bypass the typical authentication process and access restricted accounts, information, or services on remote systems.
Pass the Hash (PtH) is the reuse of an NTLM password hash to authenticate without recovering the account's plaintext password. An adversary who obtains a reusable hash may authenticate to services that accept NTLM and operate with the victim account's privileges. The activity…
Pass the Ticket (T1550.003) is a MITRE ATT&CK technique associated with Lateral Movement. Adversaries may “pass the ticket” using stolen Kerberos tickets to move laterally within an environment, bypassing normal system access controls.
Web Session Cookie (T1550.004) is a MITRE ATT&CK technique associated with Lateral Movement. Adversaries can use stolen session cookies to authenticate to web applications and services.
Remote Service Session Hijacking (T1563) is a MITRE ATT&CK technique associated with Lateral Movement. Adversaries may take control of preexisting sessions with remote services to move laterally in an environment.
SSH Hijacking (T1563.001) is a MITRE ATT&CK technique associated with Lateral Movement. Adversaries may hijack a legitimate user's SSH session to move laterally within an environment.
RDP Hijacking (T1563.002) is a MITRE ATT&CK technique associated with Lateral Movement. Adversaries may hijack a legitimate user’s remote desktop session to move laterally within an environment.
Lateral Tool Transfer (T1570) is a MITRE ATT&CK technique associated with Lateral Movement. Adversaries may transfer tools or other files between systems in a compromised environment.