| ID | Name |
|---|---|
| ATAGS-T1109.001 | Application Access Token |
| ATAGS-T1109.002 | Pass the Hash |
| ATAGS-T1109.003 | Pass the Ticket |
| ATAGS-T1109.004 | Web Session Cookie |
Threat Actors may "pass the ticket" using stolen Kerberos tickets to move laterally within an environment, bypassing normal system access controls. Pass the ticket (PtT) is a method of authenticating to a system using Kerberos tickets without having access to an account's password. Kerberos authentication can be used as the first step to lateral movement to a remote system.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.