• Online, Self-Paced

Adversaries may “pass the hash” using stolen password hashes to move laterally within an environment, bypassing normal system access controls. Pass the hash (Path) is a method of authenticating as a user without having access to the user’s cleartext password. This method bypasses standard authentication steps that require a cleartext password, moving directly into the portion of the authentication that uses the password hash.

Learning Objectives

On successful completion of this course, learners should have the knowledge and skills required to:

  • Execute a "pass the hash" attack using stolen password hashes.
  • Move directly into the portion of the authentication that uses the password hash
  • Bypasses standard authentication steps that require a cleartext password

Framework Connections

The materials within this course focus on the Knowledge Skills and Abilities (KSAs) identified within the Specialty Areas listed below. Click to view Specialty Area details within the interactive National Cybersecurity Workforce Framework.

Feedback

If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.