When using lateral movement techniques:
  • Jump from one host to the next to spread your attack out and look for new vulnerabilities to exploit.
  • Use reconnaissance techniques to make lateral movement easier.
  • Migrate code between running processes to evade detection and take on new privileges.
  • Use insecure remote access services like Telnet and rlogin when available.
  • Use SSH to encrypt your movement traffic.
  • Use remote desktop services like RDP and VNC to get a GUI on the systems you move to.
  • Ensure that these remote desktop services are activated on the target system.
  • Use pivoting to move through one host to a host on an otherwise inaccessible subnet.
  • Use pivoting techniques like port forwarding and modifying routing tables to access other hosts and subnets.
  • Use tools like Metasploit and ProxyChains to engage in pivoting.
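
Seen from the defender's side, the movement described in this list leaves traces in network flow data: one source fanning out over remote access services, cleartext Telnet/rlogin sessions, and a host that receives a session and then opens one into another subnet. The following Python is an added example, not part of the original guidelines; the flow-record layout, sample addresses, fan-out threshold and /24 subnet size are assumptions constructed for illustration.

```python
from collections import defaultdict
from ipaddress import ip_network

# Default ports of the remote access services named in the list above.
REMOTE_ACCESS = {22: "ssh", 23: "telnet", 513: "rlogin", 3389: "rdp", 5900: "vnc"}
CLEARTEXT = {"telnet", "rlogin"}

# Constructed sample flow records: (epoch seconds, source, destination, dest port).
FLOWS = [
    (100, "10.0.1.15", "10.0.1.20", 22),
    (160, "10.0.1.15", "10.0.1.21", 3389),
    (220, "10.0.1.15", "10.0.1.22", 23),
    (300, "10.0.1.22", "10.0.2.5", 22),
    (900, "10.0.1.30", "10.0.1.31", 443),
]

def subnet(ip, prefix=24):
    """Network containing ip; the /24 boundary is an assumption for this example."""
    return ip_network(f"{ip}/{prefix}", strict=False)

def fanout(flows, threshold=3):
    """Sources that opened remote access sessions to >= threshold distinct hosts."""
    seen = defaultdict(set)
    for _, src, dst, port in flows:
        if port in REMOTE_ACCESS:
            seen[src].add(dst)
    return {s: sorted(d) for s, d in seen.items() if len(d) >= threshold}

def cleartext_sessions(flows):
    """Sessions over the unencrypted services (Telnet, rlogin)."""
    return [(src, dst, REMOTE_ACCESS[port]) for _, src, dst, port in flows
            if REMOTE_ACCESS.get(port) in CLEARTEXT]

def pivot_candidates(flows):
    """Hosts that received a remote access session, then opened one into another subnet.

    Returns (original source, pivot host, far-side destination) tuples.
    """
    inbound = {}  # host -> (time, source) of its earliest inbound session
    hits = []
    for ts, src, dst, port in sorted(flows):
        if port not in REMOTE_ACCESS:
            continue
        if src in inbound and subnet(dst) != subnet(src):
            hits.append((inbound[src][1], src, dst))
        inbound.setdefault(dst, (ts, src))
    return hits
```

Port-based matching only covers services on their default ports, so treat these results as leads to correlate with host authentication logs rather than as verdicts.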