Adversaries may “pass the hash” using stolen password hashes to move laterally within an environment, bypassing normal system access controls. Pass the hash (Path) is a method of authenticating as a user without having access to the user’s cleartext password. This method bypasses standard authentication steps that require a cleartext password, moving directly into the portion of the authentication that uses the password hash.
Learning Objectives
On successful completion of this course, learners should have the knowledge and skills required to:
- Execute a "pass the hash" attack using stolen password hashes.
- Move directly into the portion of the authentication that uses the password hash
- Bypasses standard authentication steps that require a cleartext password