Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
If you haven't seen how a PtH attack works first hand, I highly recommend this lab. It walks through using mimikatz to use an NTLM hash to authenticate to a ___domain controller, then uses the PtH mitigations in Server 2016 like credential guard to defend.
https://blogs.technet.microsoft.com/datacentersecurity/2017/05/15/credential-guard-lab-companion/