📄️ Pass the Hash (PtH)
Pass the Hash (PtH) is a technique where an attacker uses hashed credentials (password hashes) to authenticate and gain access to a computer or network, bypassing password authentication.
📄️ Pass the Ticket (PtT)
Pass-the-Ticket (PtT) is a post-exploitation technique in which an attacker uses a valid Kerberos ticket (such as a Ticket Granting Ticket, TGT) to authenticate to services without needing the user's password. This method exploits stolen tickets to bypass normal authentication mechanisms in Windows environments.
📄️ Pass the Certificate
PKINIT (Public Key Cryptography for Initial Authentication) is a Kerberos extension that allows users to authenticate using X.509 certificates. Attackers can abuse this to request Ticket Granting Tickets (TGTs) by leveraging misconfigured Active Directory Certificate Services (AD CS).