
Pass the Hash Guidance
This project contains scripts designed to assist administrators in implementing Pass the Hash mitigations, as detailed in the paper titled 'Reducing the Effectiveness of Pass the Hash.'
The PtHTools Module Overview and Usage
The PtHTools module includes the primary commands designed to assist with the implementation of Pass-the-Hash (PtH) mitigations:
- Find-PotentialPtHEvents
- Invoke-DenyNetworkAccess
- Edit-AllLocalAccountPasswords
- Get-LocalAccountSummaryOnDomain
- Invoke-SmartcardHashRefresh
- Find-OldSmartcardHash
For detailed instructions on how to use these commands, please refer to the PtHTools readme file.
Guidance for Reducing the Effectiveness of Pass-the-Hash includes:
- Managing Long-Lived Hashes for Active Directory Smartcard Required Accounts
- Limiting Workstation-to-Workstation Communication
For more information, refer to Microsoft's guidance here: https://aka.ms/pth
- This link leads to Microsoft's general resource page on Pass-the-Hash.
Additional resources include:
- Mitigating Pass-the-Hash and Other Credential Theft v1
- Mitigating Pass-the-Hash and Other Credential Theft v2
Understanding How Pass-the-Hash Functions
Local Administrator Password Solution
- LAPS is a Microsoft-supported tool designed to ensure that local administrator accounts do not share the same password.
- LAPS is an alternative to the Edit-AllLocalAccountPasswords command found in PtHTools.
krbtgt Refresh Script
- This script resets the krbtgt account password two times to invalidate the hash.