T1021

Remote Services

Lateral Movement
Adversaries may use Valid Accounts to log into a service specifically designed to accept remote connections, such as RDP, SSH, or SMB.

Real-World Example

After initial compromise, ransomware operators often use RDP to move laterally within networks, deploying ransomware to multiple systems.

Defense Strategies

  • Network segmentation
  • Just-in-time access
  • Privileged access workstations
  • Monitor lateral connections

Detection Methods

  • Track remote connection patterns
  • Monitor for unusual RDP/SSH activity
  • Detect admin tool usage
  • Baseline normal remote access
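
One way to combine "baseline normal remote access" with "track remote connection patterns", shown as an added example that is not part of the original page: it learns which source/destination/service pairs are normal, then flags new pairs and any source that fans out to several new hosts in a short window. The log format, addresses, and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Ports for the remote services the page names (RDP, SSH, SMB).
SERVICES = {3389: "RDP", 22: "SSH", 445: "SMB"}

def parse(line):
    """Parse 'ISO-timestamp src dst port' (constructed format, an assumption)."""
    ts, src, dst, port = line.split()
    return datetime.fromisoformat(ts), src, dst, int(port)

def build_baseline(lines):
    """(src, dst, service) tuples seen during the baseline period."""
    return {(s, d, SERVICES[p]) for _, s, d, p in map(parse, lines) if p in SERVICES}

def detect(lines, baseline, fanout=3, window=timedelta(minutes=10)):
    """Return (new_pairs, fanout_sources): connections absent from the baseline,
    and sources that reach >= fanout new destinations within `window`."""
    new_pairs, per_src = [], defaultdict(list)
    for ts, src, dst, port in sorted(map(parse, lines)):
        svc = SERVICES.get(port)
        if svc is None or (src, dst, svc) in baseline:
            continue  # not a tracked service, or already normal
        new_pairs.append((src, dst, svc))
        per_src[src].append((ts, dst))
    fanout_sources = set()
    for src, hits in per_src.items():
        for i, (start, _) in enumerate(hits):
            # distinct new destinations inside the sliding window
            if len({d for t, d in hits[i:] if t - start <= window}) >= fanout:
                fanout_sources.add(src)
                break
    return new_pairs, sorted(fanout_sources)

# Constructed sample records (not real telemetry).
BASELINE_LOG = [
    "2026-01-05T09:00:00 10.0.1.10 10.0.2.20 3389",
    "2026-01-05T09:05:00 10.0.1.10 10.0.2.21 22",
    "2026-01-06T10:00:00 10.0.1.11 10.0.2.30 445",
]
TODAY_LOG = [
    "2026-01-12T09:01:00 10.0.1.10 10.0.2.20 3389",  # matches baseline
    "2026-01-12T02:13:00 10.0.3.44 10.0.2.20 3389",  # new source, RDP
    "2026-01-12T02:15:00 10.0.3.44 10.0.2.21 3389",
    "2026-01-12T02:18:00 10.0.3.44 10.0.2.30 3389",
    "2026-01-12T11:00:00 10.0.1.11 10.0.2.21 22",    # new pair, no fan-out
    "2026-01-12T11:30:00 10.0.1.11 10.0.2.99 443",   # not a tracked service
]
if __name__ == "__main__":
    print(detect(TODAY_LOG, build_baseline(BASELINE_LOG)))
```

A single new pair is usually worth a low-priority review; the fan-out result is the one that resembles the RDP spread described in the real-world example above.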

Related Techniques in Lateral Movement

T1550

Use Alternate Authentication Material