Distributed COM (DCOM) lets one Windows host instantiate and drive COM objects on another over the network — and that same capability is a favourite lateral-movement primitive. This walkthrough covers the DCOM architecture, a step-by-step attack flow from a dumped credential to a child PowerShell process, and the correlated Event ID 4624 and Sysmon telemetry that exposes it.

Breaking the Flat Network: How Tiering Models Protect Active Directory
The article explains how flat enterprise networks enable easy lateral movement and domain compromise. It shows how Active Directory tiering models segment privileges and systems to prevent attackers from escalating access.

