If we start from the assumption that we are already compromised, the way we approach both defensive strategies and offensive actions takes on a different perspective.
We usually take for granted that the house is completely clean and that the security measures we have been deploying exist to keep it that way; there are no visible signs of intrusion, and that is the most commonly assumed scenario. Under the assume-breach assumption, however, there are signs that are designed to hide themselves or to mimic legitimate activity. There is a high probability that those signs were left by uncommon adversaries trying to move through an environment that appears healthy.
According to MITRE ATT&CK, “Lateral Movement consists of techniques that adversaries use to enter and control remote systems on a network. Following through on their primary objective often requires exploring the network to find their target and subsequently gaining access to it. Reaching their objective often involves pivoting through multiple systems and accounts to gain.”
The reason those signs live inside native system tooling is that adversaries use it to maintain persistence, install additional tools and accomplish Lateral Movement stealthily, blending in with legitimate administrative activity.
The lateral movement techniques are presented here so that they can be recognized and stopped.
Flow diagram: Lateral movement (see diagram)