NCAE Mapping Hub Authoritative cross-reference for DCWF, NCAE Knowledge Units, O*NET, and the EWU Cyber Operations program

Security+ · 2.0 Threats

Lateral movement

Moving from a compromised host to other hosts inside the network. Techniques: reused SSH keys, pass-the-hash (Windows), SMB shares, remote command execution via PsExec/WinRM.

How this shows up at NCAE

When red team gets your web server, they'll try to pivot to your DNS VM via SMB or SSH. Different credentials per host limit blast radius. don't reuse root's password between server and DNS VM.