| ID | Name |
|---|---|
| ATAGS-T1109.001 | Application Access Token |
| ATAGS-T1109.002 | Pass the Hash |
| ATAGS-T1109.003 | Pass the Ticket |
| ATAGS-T1109.004 | Web Session Cookie |
Threat Actors may "pass the hash" using stolen password hashes to move laterally within an environment, bypassing normal system access controls. Pass the hash (PtH) is a method of authenticating as a user without having access to the user's cleartext password. This method bypasses standard authentication steps that require a cleartext password, moving directly into the portion of the authentication that uses the password hash.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.