Pass-the-Hash attacks

GPTKB entity

Statements (33)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf | cyberattack technique |
| gptkbp:can_be_performed_using | gptkb:Metasploit |
| | gptkb:Mimikatz |
| | Windows Credential Editor |
| gptkbp:can_compromise | Active Directory environments |
| gptkbp:canBeBypassedBy | password authentication |
| gptkbp:cause | data breaches |
| | privilege escalation |
| gptkbp:commonly_targets | gptkb:Windows_operating_systems |
| gptkbp:detects | SIEM systems |
| | endpoint detection and response (EDR) tools |
| | monitoring unusual authentication patterns |
| gptkbp:enables | lateral movement |
| gptkbp:exploits | gptkb:NTLM_authentication |
| | LAN Manager (LM) hashes |
| | hash-based authentication |
| gptkbp:firstDescribed | 1997 |
| https://www.w3.org/2000/01/rdf-schema#label | Pass-the-Hash attacks |
| gptkbp:mitigatedBy | multi-factor authentication |
| | limiting administrative privileges |
| | using strong password policies |
| gptkbp:prevention_includes | network segmentation |
| | credential guard |
| | disabling NTLM |
| | using local administrator password solution (LAPS) |
| gptkbp:relatedTo | credential dumping |
| | Kerberos attacks |
| gptkbp:target | authentication protocols |
| gptkbp:uses | stolen password hashes |
| gptkbp:bfsParent | gptkb:Windows_Defender_Credential_Guard_for_Credential_Protection |
| | gptkb:Windows_Defender_Credential_Guard_for_Secure_Authentication |
| | gptkb:Windows_Defender_Credential_Guard_for_Virtualization-Based_Security |
| gptkbp:bfsLayer | 8 |