An organization has detected suspicious authentication activity between workstations in their Windows domain environment. Security monitoring has identified that an attacker compromised a workstation and appears to be authenticating to other systems without knowing the actual user password. Which attack technique is most likely being used?
Pass the hash is a technique where an attacker extracts hashed user credentials (typically NTLM hashes) from one system and uses them to authenticate to other systems without needing to know or crack the actual password. This attack works because Windows authentication protocols like NTLM allow authentication using just the hash value rather than requiring the plaintext password. In the scenario described, the attacker is authenticating between systems without knowing passwords, which is the hallmark of a pass the hash attack.
Kerberos Golden Ticket attacks involve creating a forged Ticket Granting Ticket after compromising the Key Distribution Center, but this typically grants domain-wide access rather than just movement between workstations. Birthday attacks are cryptographic attacks that try to find collisions in hash functions; they are not an authentication bypass technique. Lateral phishing would involve sending phishing emails from a compromised account to obtain credentials, not reusing existing credential hashes for authentication.
ISC2 CISSP
Security Architecture and Engineering