Question 4 of 10
You receive an escalated alert from L1 indicating possible lateral movement within the network. How would you investigate this, and what evidence would you look for to confirm or deny the activity?
Sample answer preview
Lateral movement is one of the most dangerous phases of an attack because it means an adversary has already gained initial access and is now expanding their foothold across the network.
lateral movement, authentication logs, Mimikatz, MITRE ATT&CK, PsExec, WMI