We would like to simulate Lateral Movement. What’s the recommended account type for the same? Simply run with the SYSTEM account / create a local account / run using a domain account?
Hi,
By asking for a “recommended” account, what specifically are you referring to?
The Lateral Movement module highly depends on the environment in which you will be executing it.
Each assessment with different credentials represents a different scenario.
For example, running under SYSTEM implies a scenario where an attacker has obtained complete control over the machine and has performed privilege escalation.
Running under a domain user implies the attacker has obtained credentials to a domain user, which allows the attacker to obtain information from the domain and act inside the domain, and many more capabilities which a domain user has. Running under a local user implies the attacker has not obtained credentials to a domain user, but rather a local user.
In this scenario we can see how far the attacker can go without initial access to domain credentials.
I hope it helps!