CompTIA PenTest+ PT0-002 Practice Question

Pass the hash (PtH) is a technique where an attacker captures password hashes from one machine and then uses those hashes to authenticate to another machine without requiring the plaintext password. This is possible because certain authentication protocols do not require the original user password, but rather rely on hash values for authentication, enabling attackers to move laterally within the network. Kerberos golden ticket, on the other hand, refers to the compromise of the Kerberos service within Active Directory to grant extensive rights within the infrastructure and is not directly related to authenticating with password hashes. Password spraying and brute force attacks are different attack methods focusing on guessing or cracking passwords. In password spraying, the attacker tries a few commonly used passwords against many accounts, while brute force attacks attempt many passwords against a single account until the correct one is found.