Recommended account to run Lateral Movement?

  • 26 June 2023
We would like to simulate Lateral Movement. What is the recommended account type for this? Simply run it with the SYSTEM account, create a local account, or run it using a domain account?

By asking for a “recommended” account, what specifically are you referring to?
The Lateral Movement module highly depends on the environment in which you will be executing it.
Each assessment with different credentials represents a different scenario.
For example, running under SYSTEM implies a scenario where an attacker has obtained complete control over the machine and has performed privilege escalation. 
Running under a domain user implies the attacker has obtained credentials to a domain user, which allows the attacker to obtain information from the domain and act inside the domain, and many more capabilities which a domain user has. Running under a local user implies the attacker has not obtained credentials to a domain user, but rather a local user.

In this scenario we can see how far the attacker can go without initial access to domain credentials.
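Since the reply maps each account type to a different attacker scenario, it helps to record which context a given run actually used. The following PowerShell is an added example, not code from the thread or from any assessment product; it assumes Windows PowerShell 5.1 or later on a host where `Get-CimInstance` is available, and the scenario labels it emits are assumptions chosen to match the three cases described above.

```powershell
# Added example: classify the security context the assessment will run under
# (SYSTEM, local user, or domain user) and emit a record for the run log.
function Get-AssessmentContext {
    $identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [System.Security.Principal.WindowsPrincipal]$identity

    # LocalSystem has a well-known SID; check it before looking at the name.
    $isSystem = $identity.User.IsWellKnown(
        [System.Security.Principal.WellKnownSidType]::LocalSystemSid)

    # Account names look like "AUTHORITY\user"; the authority tells local from domain.
    $authority, $account = $identity.Name -split '\\', 2

    $scenario = if ($isSystem) {
        'SYSTEM (full control of the host, post privilege escalation)'
    } elseif ($authority -ieq 'NT AUTHORITY') {
        'Service account (not one of the three scenarios; review before use)'
    } elseif ($authority -ieq $env:COMPUTERNAME) {
        'Local user (no domain credentials obtained)'
    } else {
        'Domain user (domain credentials obtained)'
    }

    [pscustomobject]@{
        Timestamp    = (Get-Date).ToString('o')
        Host         = $env:COMPUTERNAME
        Account      = $identity.Name
        Sid          = $identity.User.Value
        Elevated     = $principal.IsInRole(
                           [System.Security.Principal.WindowsBuiltInRole]::Administrator)
        DomainJoined = (Get-CimInstance -ClassName Win32_ComputerSystem).PartOfDomain
        Scenario     = $scenario
    }
}

# Run once before starting the module and keep the output with the assessment results.
Get-AssessmentContext | Format-List
```

A local account on a non-domain-joined host and a domain account that is also a local administrator produce very different results from the same module, so keeping the `Elevated` and `DomainJoined` fields alongside the scenario label makes runs comparable later.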

