diff --git a/LateralMovement.md b/LateralMovement.md index 0c7377b..5f5d89f 100644 --- a/LateralMovement.md +++ b/LateralMovement.md @@ -11,6 +11,12 @@ Atomics: [T1550.003](https://github.com/redcanaryco/atomic-red-team/blob/master/ ### T1563.002 RDP Hijacking Atomics: [T1563.002](https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1563.002/T1563.002.md) +Detects RDS and RemoteApp session redirections for lateral movement. + +``` +SrcProcName = "tscon.exe" AND SrcProcCmdLine ContainsCIS "/dest:" +``` + ### T1021.001 Remote Desktop Protocol Atomics: [T1021.001](https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.001/T1021.001.md)
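Review bot: The description added under T1563.002 claims more than the query matches: it says "RDS and RemoteApp session redirections", but the query only fires on `tscon.exe` started with `/dest:` on its command line. Suggest rewording it to say exactly that, and adding a line on expected benign hits, since any administrative use of `tscon.exe` with `/dest:` will match as well. Separately, the process name is compared with `=` while the command line uses `ContainsCIS`; confirm the exact match behaves as intended for a differently cased name such as `TSCON.EXE`, or use the case-insensitive operator there too. A match on `SrcProcName` alone also depends on the binary keeping its original name, which is worth stating as a known limitation next to the query.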