Explore Python for MITRE ATT&CK lateral movement and remote services

Infosec Institute

The MITRE ATT&CK framework breaks the cyberattack lifecycle into a set of objectives that an attacker may need to achieve during their attack. For each of these objectives (called tactics), the ATT&CK framework describes various methods (called techniques) by which an attacker can achieve these goals.

One of the MITRE ATT&CK tactics is lateral movement. This tactic addresses the fact that an attacker does not always immediately gain access to the system that hosts their final objective. Instead, an attacker often needs to move from the initially compromised machine (often a user workstation) through the network to another system (often a high-value target like a database). This lateral movement can be achieved in a few different ways.

Introduction to remote services

One of the techniques for the lateral movement tactic is to take advantage of remote services within an organization’s environment. These services are designed to provide users with access to certain functionality hosted on other machines. 

A common example of a remote service is a file server, which provides shared storage for several different systems. By exploiting this shared file server, an attacker can expand their access to the target network.

SMB/Windows admin shares

Admin shares are an example

Read More: https://resources.infosecinstitute.com/topic/explore-python-for-mitre-attck-lateral-movement-and-remote-services/