The number of Lateral Movement techniques that an attacker can use in an Active Directory environment is limited. The most well-known techniques for executing code on a remote system with administrative privileges are as follows:
Revisiting Cross Session Activation Attacks
This blog post was written and published on my employer’s website, where it can be found here: