During a penetration testing engagement, a tester successfully exploited a workstation and now aims to move laterally within the network to gain access to a restricted area containing sensitive data. Which technique would BEST facilitate this lateral movement without raising immediate alarms?
The correct answer is 'Pass the hash'. Windows NTLM authentication never transmits the password itself: the client proves knowledge of the NT hash (the MD4 of the UTF-16LE password; the legacy LAN Manager hash is disabled by default on modern systems) by computing a challenge response from it. The authenticating host stores and checks only that hash, so a tester who dumps NT hashes from LSASS memory or the SAM of the compromised workstation can authenticate to other hosts without ever recovering the plaintext. This is far less noisy than password guessing: a valid hash yields ordinary successful logons rather than bursts of failures, and it does not trip account lockout. It is most effective where the same hash is valid on many hosts, typically a shared local administrator password or a domain account whose credentials were cached or held in a logon session on the exploited workstation. 'Brute force' and 'Dictionary attacks' both generate many failed logons, are likely to trigger lockouts or alerts, and ignore the credential material already in hand. A 'Trojan' can help maintain access or exfiltrate data but does not by itself move the tester onto another system. Note that pass the hash is quieter, not invisible: the resulting network logons (Event ID 4624 with LogonType 3 and the NTLM authentication package) from a workstation to servers it does not normally reach are a classic lateral-movement detection, and controls such as LAPS, Credential Guard, the Protected Users group and NTLM restrictions blunt the technique.
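The following Python example is added here to show the mechanism behind the answer; it is not part of the original question set. It computes an NTLMv2 challenge response twice, once from the password and once from the dumped NT hash, and checks both against what the target holds. The user, domain, password, server challenge, client nonce and timestamp are constructed values for the illustration, and MD4 is implemented inline because OpenSSL 3 builds of Python usually lack hashlib.new('md4').

```python
"""Why an NT hash is a password equivalent: an NTLMv2 response computed from
the hash alone is identical to one computed by a client that knows the
password. All names, challenges and timestamps are constructed for this example."""
import hashlib
import hmac
import struct


def _rotl(v: int, s: int) -> int:
    return ((v << s) | (v >> (32 - s))) & 0xFFFFFFFF


def _md4_block(state, block):
    x = list(struct.unpack("<16I", block))
    a, b, c, d = state
    f = lambda p, q, r: (p & q) | (~p & r)
    g = lambda p, q, r: (p & q) | (p & r) | (q & r)
    h = lambda p, q, r: p ^ q ^ r
    # Round 1: message words in order, shifts 3/7/11/19
    for i in range(16):
        a = _rotl((a + f(b, c, d) + x[i]) & 0xFFFFFFFF, (3, 7, 11, 19)[i % 4])
        a, b, c, d = d, a, b, c
    # Round 2: column order 0,4,8,12,1,5,..., shifts 3/5/9/13
    for i in range(16):
        k = (i % 4) * 4 + i // 4
        a = _rotl((a + g(b, c, d) + x[k] + 0x5A827999) & 0xFFFFFFFF, (3, 5, 9, 13)[i % 4])
        a, b, c, d = d, a, b, c
    # Round 3: bit-reversed order, shifts 3/9/11/15
    order = (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)
    for i in range(16):
        a = _rotl((a + h(b, c, d) + x[order[i]] + 0x6ED9EBA1) & 0xFFFFFFFF, (3, 9, 11, 15)[i % 4])
        a, b, c, d = d, a, b, c
    return [(s + t) & 0xFFFFFFFF for s, t in zip(state, (a, b, c, d))]


def md4(data: bytes) -> bytes:
    """RFC 1320 MD4 (inline because hashlib's md4 is often unavailable)."""
    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    msg = data + b"\x80"
    msg += b"\x00" * ((56 - len(msg) % 64) % 64)
    msg += struct.pack("<Q", len(data) * 8)
    for off in range(0, len(msg), 64):
        state = _md4_block(state, msg[off:off + 64])
    return struct.pack("<4I", *state)


def nt_hash(password: str) -> bytes:
    """NT hash = MD4(UTF-16LE(password)): what the SAM/NTDS stores and LSASS caches."""
    return md4(password.encode("utf-16-le"))


def ntowf_v2(nthash: bytes, user: str, domain: str) -> bytes:
    """NTLMv2 key: HMAC-MD5 keyed by the NT hash over UPPER(user) + domain."""
    return hmac.new(nthash, (user.upper() + domain).encode("utf-16-le"), hashlib.md5).digest()


def ntlmv2_blob(timestamp: int, client_challenge: bytes, target_info: bytes) -> bytes:
    """MS-NLMP 'temp' structure: version 1.1, reserved, FILETIME, client nonce, reserved, AV pairs, reserved."""
    return (b"\x01\x01\x00\x00\x00\x00\x00\x00" + struct.pack("<Q", timestamp)
            + client_challenge + b"\x00\x00\x00\x00" + target_info + b"\x00\x00\x00\x00")


def ntlmv2_proof(nthash: bytes, user: str, domain: str, server_challenge: bytes, blob: bytes) -> bytes:
    """NTProofStr = HMAC-MD5(NTOWFv2, ServerChallenge || blob). Only the hash is needed, never the password."""
    return hmac.new(ntowf_v2(nthash, user, domain), server_challenge + blob, hashlib.md5).digest()


def server_accepts(stored_nthash: bytes, user: str, domain: str, server_challenge: bytes, blob: bytes, proof: bytes) -> bool:
    """What the target or DC does: recompute from the stored hash and compare in constant time."""
    expected = ntlmv2_proof(stored_nthash, user, domain, server_challenge, blob)
    return hmac.compare_digest(expected, proof)


def demo() -> dict:
    # Constructed scenario values, not real credentials.
    user, domain, password = "jsmith", "CORP", "Summer2024!"
    stored = nt_hash(password)                                   # held by the target / DC
    server_challenge = bytes.fromhex("0123456789abcdef")
    blob = ntlmv2_blob(0x01DA8000_00000000, bytes.fromhex("aabbccddeeff0011"), b"")

    legit = ntlmv2_proof(nt_hash(password), user, domain, server_challenge, blob)  # real user, knows password
    dumped = stored                                              # tester dumped this from LSASS/SAM on the workstation
    pth = ntlmv2_proof(dumped, user, domain, server_challenge, blob)               # pass the hash: no password needed
    guess = ntlmv2_proof(nt_hash("guess"), user, domain, server_challenge, blob)   # one brute-force attempt (a failed logon)

    return {
        "legit_accepted": server_accepts(stored, user, domain, server_challenge, blob, legit),
        "pth_accepted": server_accepts(stored, user, domain, server_challenge, blob, pth),
        "guess_accepted": server_accepts(stored, user, domain, server_challenge, blob, guess),
        "indistinguishable": legit == pth,
    }


if __name__ == "__main__":
    print(nt_hash("password").hex())  # 8846f7eaee8fb117ad06bdd830b7586c
    print(demo())
```

The point the output makes is that the verifier cannot tell the two accepted responses apart, which is why pass the hash produces clean successful logons while each brute-force guess produces a failure that can be counted against a lockout threshold.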