Threat actors may use alternate authentication material, such as password hashes, Kerberos tickets, and application access tokens, in order to move laterally within an environment and bypass normal system access controls.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.