Lateral Movement

Attack Vector

Cymulate’s Lateral Movement (Hopper) vector challenges your internal networks against the different techniques and methods attackers use to gain access to and control additional systems on a network, following the initial compromise of a single system.

Once an organization’s perimeter defenses fail and endpoint security is bypassed, giving the attacker a foothold in the organization (see Endpoint Security Vector), lateral movement inside the network is a common next step in a penetration scenario. Organizations deploy numerous security solutions and controls in order to prevent such movement. Whether as part of their internal policy configuration or a specific security solution, organizations depend on various controls to prevent, detect and monitor lateral movement.

As threat actors move deeper into the network, their movements and methods become more difficult to detect, especially when they abuse Windows features and tools typically used by IT administrators (e.g., PowerShell). Gaining administrative privileges also makes threat actors’ activities undetectable and even untraceable. Some well-known examples were the WannaCry and NotPetya attacks, the latter of which literally shut down the operations of the shipping giant Maersk, causing hundreds of millions of dollars in damages.

Such attacks can force small companies out of business. They can also interrupt emergency operations and surgeries, as seen during the WannaCry campaign, which hit dozens of NHS hospitals and medical centers in the UK. These attacks used a powerful exploit called EternalBlue to spread and move laterally within networks.

Based on research and our own experience, once attackers manage to move laterally within a compromised network, they have on average three months to conduct their malicious activities without being detected.

Manual methodologies to penetrate organizations and simulate hacker breach spots are limited in speed, volume and scope. Cymulate’s Lateral Movement vector simulates a compromised workstation inside the organization and exposes the risk posed by a potential cyberattack or threat. Various techniques and methods are used to laterally move inside the network.

The platform uses a sophisticated and effective algorithm to mimic all the common and clever techniques that the most skilled hackers use to move around inside the network.

The Hopper attack simulation results are presented in an interactive graphic diagram that shows the attacker’s lateral movement path, along with Cymulate’s risk score, KPI metrics and actionable mitigation recommendations. IT and security teams can then take the appropriate corrective action to increase their internal network security.
