Module 4 · Lateral Movement & Persistence

Manish Garg
Manish Garg Associate of (ISC)² · RingSafe
Apr 22, 2026
5 min read
Read as

Last updated: April 29, 2026

Pass-the-hash/ticket, WMI/WinRM, scheduled tasks, WMI subscriptions, AD golden/silver tickets, cloud persistence.

Once you have a beacon on one endpoint, the game becomes expanding across the network to reach the objective and surviving long enough to complete it. This module covers lateral movement techniques, persistence mechanisms, and the operational discipline that keeps you in the environment after detection attempts.

Lateral movement categories

  • Credential-based: use captured credentials to authenticate to another system
  • Trust-based: abuse built-in Windows/network trusts (Kerberos delegation, pass-the-hash, pass-the-ticket)
  • Exploit-based: target a vulnerable service running on another host
  • Tool-based: ssh, psexec, WMI, WinRM, scheduled tasks, SCCM
  • Application-layer: VPN access, Citrix, RDP gateways, Jump servers
Want this for your team?

Custom team training + practitioner advisory

Beyond the free academy — we run private workshops, vCISO advisory, and red-team exercises tailored to your stack. For Indian SMBs scaling past their first hire.

Book team training call Replies in 4 working hrs · India-only · Senior consultants
← Previous · Module 3
Module 3 · Command & Control Frameworks
← Back to Academy Hub
Continue Learning

Other modules in this track

View all modules
Academy
Module 1 · Beginner

Red team vs pentest, engagement types, objectives, rules of engagement, and what a good red team…

Apr 22, 2026 · 4 min read
Academy
Module 2 · Intermediate

Phishing infrastructure, HTML smuggling, password spray, OAuth consent, and exposed-service exploitation.

Apr 22, 2026 · 5 min read
Academy
Module 3 · Advanced

Cobalt Strike, Sliver, Havoc, Mythic compared. Beacon anatomy, transports, malleable profiles, redirector architecture.

Apr 22, 2026 · 4 min read