Identity
Definition
Identity is the unique representation of a user, device, or service within a system or network. It answers the question: “Who or what is trying to access this resource?” An identity is established so systems can recognize an entity, track its actions, and enforce security rules.

An identity usually has:

* A **name** or unique identifier, such as a username, email, or device ID
* Credentials used for authentication, such as a password or certificate
* Attributes such as job role or group membership that determine permissions

Identities are managed through identity systems like Active Directory or cloud identity providers. These systems store account information, authenticate users, and assign access rights.

Attackers use identities to move laterally by taking over accounts that already have trusted access inside the environment. Once they compromise one identity, they look for ways to reach other systems and increase their privileges.

Lateral movement with identities often follows these patterns:

1. **Stealing credentials**
   Attackers collect passwords, tokens, browser cookies, or saved login data from the first compromised system.
2. **Using legitimate access**
   They log into other computers or services that the stolen identity is allowed to reach. Because the login looks normal, it is harder to detect.
3. **Targeting higher-privilege accounts**
   Attackers search for administrative identities that give broader control. They may dump password hashes or harvest cached credentials from a machine where an administrator recently logged in.
4. **Abusing single sign-on and trust relationships**
   If the organization uses systems where one login grants access to many services, a stolen identity can unlock large parts of the network at once.
5. **Blending into normal activity**
   Since authorized identities are used, logs show valid usernames performing valid actions. This hides attacker movement from basic detection rules.

The attacker repeats this cycle, chaining identities from one system to the next. Over time, they move closer to valuable assets such as sensitive data, domain controllers, or production servers. Securing identities and monitoring authentication behavior is one of the most effective ways to stop lateral movement.
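
As an added illustration of monitoring authentication behavior (example code, not part of the original glossary entry), the sketch below baselines which hosts each account normally logs on to and flags an account that reaches several never-before-seen hosts in a short burst. The event format, account and host names, and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, account, source host, destination host).
# All are successful logons, so none would trip a failed-login rule.
BASELINE = [
    ("2024-05-01T09:00", "jsmith", "WS-014", "FILE-01"),
    ("2024-05-02T09:05", "jsmith", "WS-014", "MAIL-01"),
    ("2024-05-02T10:00", "svc-backup", "BKP-01", "FILE-01"),
    ("2024-05-03T10:00", "svc-backup", "BKP-01", "DB-01"),
]
RECENT = [
    ("2024-05-06T09:01", "jsmith", "WS-014", "FILE-01"),
    ("2024-05-06T23:10", "jsmith", "WS-014", "DB-01"),
    ("2024-05-06T23:14", "jsmith", "WS-014", "APP-02"),
    ("2024-05-06T23:19", "jsmith", "WS-014", "DC-01"),
    ("2024-05-06T10:00", "svc-backup", "BKP-01", "DB-01"),
    ("2024-05-07T10:00", "svc-backup", "BKP-01", "APP-02"),
]

def build_baseline(events):
    """Map each account to the set of hosts it normally logs on to."""
    seen = defaultdict(set)
    for _, account, _, dest in events:
        seen[account].add(dest)
    return seen

def find_fanout(events, baseline, min_new_hosts=3, window=timedelta(minutes=30)):
    """Flag accounts reaching min_new_hosts never-before-seen hosts within window."""
    new_logons = defaultdict(list)
    for ts, account, src, dest in events:
        if dest not in baseline.get(account, set()):
            new_logons[account].append((datetime.fromisoformat(ts), src, dest))
    alerts = []
    for account, logons in new_logons.items():
        logons.sort()
        for i, (start, _, _) in enumerate(logons):
            burst = [l for l in logons[i:] if l[0] - start <= window]
            hosts = sorted({dest for _, _, dest in burst})
            if len(hosts) >= min_new_hosts:
                alerts.append({"account": account, "start": start.isoformat(),
                               "sources": sorted({s for _, s, _ in burst}),
                               "new_hosts": hosts})
                break  # one alert per account is enough for triage
    return alerts

if __name__ == "__main__":
    for alert in find_fanout(RECENT, build_baseline(BASELINE)):
        print(alert)
```

Each logon in the flagged burst is individually valid; only the comparison against the account's own history makes the pattern stand out.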