Pass-the-Hash Attacks and How to Prevent Them in Windows Domains
In order to understand how a pass-the-hash attack works, you must first understand how password hashes are used.
When you log in to the system, the authentication engine uses the same mathematical formula that produced the stored hash to compute a hash for the password that you entered, and compares the result to the stored hash.
From the hacker's perspective, having access to a password hash is essentially the same as having access to the password.
Password hashing is a commonly used technique to protect passwords, but not all password hash technologies are equal.
Windows is a favorite target because Windows systems contain password hashes for everyone who has ever logged into that system.
If no admin-level hashes are present, the hacker will perform a hash spray attack, in which they use stolen password hashes to log into every other workstation and extract its password hashes.