Red Team Premium

Lateral Movement

One foothold is a beachhead, not a win. Lateral movement is how a single compromised host becomes the whole domain: take credential material, find a host where it is privileged, run code there, repeat — until you reach a Domain Admin. This article walks through the loop, the execution methods (PsExec, WMI, WinRM, DCOM), Pass-the-Hash, the real commands, and the per-method telemetry that catches each one.
