Quick Definition
Lateral Movement is a term used to describe how hackers move from an initial point of entry deeper into a network.
When normal users access a network, they tend to start at a defined entry point like a desktop or laptop and fan and access additional resources in a star pattern emanating from the initial entry point. The “one hop” star pattern is an intentional security design feature of Kerberos that is supposed to prevent hackers from performing lateral movement. The idea is that Kerberos only allows a ticket to be used one-hop from where it was issued. Note that Microsoft actually refers to the one-hop restriction as the double-hop problem, but one-hop is probably more descriptive for what we’re talking about. In reality, hackers have found many ways around the double-hop problem and are able to move in linear or “lateral” patterns. Because hackers are able to steal multiple identities, they can switch user identities as needed and, in some cases, use software exploits to create sessions between computers that are completely unauthenticated. It is this chaining of sessions from entry point to objective that we refer to as lateral movement.
