Q5.

An employee fell for a phishing scam, which allowed an attacker to gain access to a company PC. The attacker scraped the PC's memory to find other credentials. Without cracking these credentials, the attacker used them to move laterally through the corporate network. Which of the following describes this type of attack?

A Pass-the-hash (PtH) attack is a technique where an attacker captures a password hash from a compromised system (often from memory, e.g., the LSASS process) and uses it to authenticate to other systems on the network. The key characteristic of this attack, as described in the scenario, is that the attacker does not need to crack the hash to discover the original plaintext password. They simply pass the hash itself to the authentication protocol (e.g., NTLM), which accepts it as a valid credential, allowing for lateral movement across the network.