What is lateral movement in the context of a network intrusion, and what network-level indicators would help you detect an attacker moving laterally through an enterprise network? What logs and tools would you use?

Sample answer preview

Lateral movement refers to the techniques an attacker uses to move through a network after gaining initial access, typically to find and access high-value targets like domain controllers, file servers, or databases containing sensitive data.