loading
Loading content
loading
Pivoting uses a machine you already control as a relay into networks you cannot touch from outside. After landing on a public-facing host that also sits on an internal segment, an attacker tunnels traffic through it to scan and attack systems that have no internet route. Common techniques include SOCKS proxies over SSH, port forwarding, and dedicated tunneling tools that bridge the two networks through the foothold.
This matters because perimeter defenses assume the internal network stays hidden. One exposed host with a second interface collapses that assumption and exposes databases, domain controllers, and management interfaces that were never meant to face an attacker. Pivoting is how a single breach becomes a path across the whole environment.
Pivoting enables lateral movement by giving the attacker network reach into new segments, where stolen credentials and privilege escalation carry them further. Fresh network mapping from the pivot point reveals targets invisible from the edge. The technique is a staple of red teaming engagements that model a determined intruder.
In Trickest you can model the discovery side of this, scanning each newly reachable segment as a workflow stage so internal hosts get enumerated as soon as a pivot opens them up.
Related terms