Pivoting is a methodtechnique usedemployed by both hackers and [[penetration test]]ers to expand thetheir attackaccess surface ofwithin a target organizationnetwork. ABy compromisedcompromising a system, toattackers attackcan otherleverage systemsit onas thea sameplatform networkto target other systems that are nottypically directly reachableshielded from thedirect Internetexternal dueaccess to restrictions such asby [[Firewall (computing)|firewallfirewalls]]{{clarify|date=April 2023}}. ThereInternal tendnetworks tooften becontain morea machinesbroader reachablerange fromof insideaccessible amachines networkcompared asto comparedthose exposed to Internetthe facing hostsinternet. For example, if an attacker compromisesmight compromise a web server on a corporate network,the attacker canand then useutilize the compromised web serverit to attacktarget anyother reachablesystems system onwithin the same network. TheseThis typesapproach ofis attacksoften arereferred oftento calledas a multi-layered attacksattack. Pivoting is also known as ''island hopping''.
Pivoting can further be distinguished into [[Proxy server|proxy]] pivoting and [[VPN]] pivoting:
