How does Pass-the-Hash differ from traditional password theft?

Pass-the-Hash attacks steal the hashed version of passwords stored in Windows systems rather than plaintext passwords. Attackers exploit the NTLM protocol which allows authentication using these hashes directly, bypassing the need to crack or obtain the actual password. The hashes remain valid until the user resets their password, providing persistent access.

What automated responses can Log360 trigger when detecting Pass-the-Hash activity?

Log360's SOAR capabilities enable automated response workflows including terminating suspicious processes or services, disabling compromised user accounts, and isolating affected devices. These actions can be configured through alert profiles associated with response workflows to contain threats immediately upon detection.

ManageEngine: Detecting Pass-the-Hash Attacks with Log360

Name: ManageEngine: Detecting Pass-the-Hash Attacks with Log360
Uploaded: 2026-03-26T17:23:06-04:00
Duration: 5 min 44 s
Description: TL;DR Pass-the-Hash attacks exploit NTLM protocol to authenticate using stolen password hashes instead of plaintext passwords, enabling attackers to maintain persistent access until passwords are reset. Log360 provides MITRE ATT&CK-aligned detection re...

Manage Engine

03/26/2026

0 (0%)

Report Like Favorite

TL;DR

Pass-the-Hash attacks exploit NTLM protocol to authenticate using stolen password hashes instead of plaintext passwords, enabling attackers to maintain persistent access until passwords are reset.
Log360 provides MITRE ATT&CK-aligned detection reports that identify successful authentications without passwords through log and Sysmon analysis, with visual frequency tracking and detailed event metadata.
The solution includes SOAR capabilities for automated incident response such as terminating malicious processes, disabling compromised accounts, and isolating affected devices when Pass-the-Hash activity is detected.

Summary

This demonstration explains how ManageEngine's Log360 SIEM solution detects Pass-the-Hash attacks, a credential theft technique where attackers exploit NTLM protocol vulnerabilities to authenticate using stolen password hashes rather than plaintext passwords. The video walks through the attack methodology—from initial compromise through hash extraction using tools like Mimikatz to lateral movement and privilege escalation—and demonstrates Log360's out-of-the-box detection capabilities. The solution provides MITRE ATT&CK-aligned reporting under the Defense Evasion tactic, offering visual analytics and detailed event logging including IP addresses, event IDs, logon types, and process names. Log360's SOAR capabilities enable automated response workflows such as process termination and device/user disabling when Pass-the-Hash activity is detected. The presentation concludes with preventive best practices including mandatory password resets, MFA implementation, least privilege access controls, and security policy auditing.

Chapters

0:00 - Introduction to Pass-the-Hash Detection
0:17 - Understanding Pass-the-Hash Attacks
1:34 - Attack Methodology and Progression
3:02 - Log360 Detection Capabilities
4:38 - Prevention Best Practices

Key Quotes

0:17 "Pass-the-Hash is an identity-based attack in which adversaries pose as legitimate users to gain unauthorized access to a network."
1:18 "These hashed values remain the same until the user resets the password. Therefore, until and unless a user resets the password, attackers enjoy unlimited access to the network and its resources, aiding lateral movement and privilege escalation."
3:44 "Using log analysis and Sysvon analysis, Log360 accurately spots successful authentications that happen without passwords."
4:22 "Log360 also comes with SOAR capabilities. This means that if you associate a response workflow with an alert profile, Log360 will be able to carry out certain automated actions such as terminating a process or service and disabling a device or user."

Categories:

» Data Protection

Tags:

Show more Show less

Browse videos

Upcoming Webinar Calendar

05/12/2026

01:00 PM

05/12/2026

Transforming Black Box to Glass Box: Revealing Hidden Threats and AI Risks through Data Lineage

https://www.truthinit.com/index.php/channel/1895/transforming-black-box-to-glass-box-revealing-hidden-threats-and-ai-risks-through-data-lineage/
05/12/2026

11:30 PM

05/12/2026

Implementing Effective Strategies for Active Directory Security and Data Protection

https://www.truthinit.com/index.php/channel/1888/implementing-effective-strategies-for-active-directory-security-and-data-protection/
05/13/2026

01:00 AM

05/13/2026

Transforming the Black Box: Revealing AI Risks and Hidden Threats through Data Lineage

https://www.truthinit.com/index.php/channel/1890/transforming-the-black-box-revealing-ai-risks-and-hidden-threats-through-data-lineage/
05/13/2026

05:00 AM

05/13/2026

Transforming Black Box to Glass Box: Revealing AI Risks and Hidden Threats through Data Lineage

https://www.truthinit.com/index.php/channel/1894/transforming-black-box-to-glass-box-revealing-ai-risks-and-hidden-threats-through-data-lineage/
05/19/2026

01:00 PM

05/19/2026

Establishing a Robust AI Governance Framework for GenAI Throughout Its Lifecycle

https://www.truthinit.com/index.php/channel/1936/establishing-a-robust-ai-governance-framework-for-genai-throughout-its-lifecycle/
05/20/2026

10:00 PM

05/20/2026

APAC: Establishing an AI Governance Framework for GenAI Throughout the Deployment Process

https://www.truthinit.com/index.php/channel/1953/establishing-an-ai-governance-framework-for-genai-throughout-the-deployment-process/
05/21/2026

11:00 AM

05/21/2026

The Autonomous Era: Orchestrating a Resilient Enterprise

https://www.truthinit.com/index.php/channel/1372/the-autonomous-era-orchestrating-a-resilient-enterprise/
05/27/2026

04:00 AM

05/27/2026

Rivoluziona i rischi dell'AI in opportunità con Netskope AI Security

https://www.truthinit.com/index.php/channel/1925/rivoluziona-i-rischi-dellai-in-opportunità-con-netskope-ai-security/
05/28/2026

10:00 AM

05/28/2026

Harnessing AI: Transforming Perception into Purposeful Mastery

https://www.truthinit.com/index.php/channel/1924/harnessing-ai-transforming-perception-into-purposeful-mastery/
05/28/2026

01:00 PM

05/28/2026

AI in the Fast Lane: Effectively Managing AI Security for Small Teams

https://www.truthinit.com/index.php/channel/1951/ai-in-the-fast-lane-effectively-managing-ai-security-for-small-teams/
06/02/2026

01:00 PM

06/02/2026

Satori Spring: Insights from Recent Research on the 2026 Threat Landscape

https://www.truthinit.com/index.php/channel/1930/satori-spring-insights-from-recent-research-on-the-2026-threat-landscape/
06/04/2026

02:00 AM

06/04/2026

Mastering the Unseen: Managing Shadow AI and Agentic MCP Traffic

https://www.truthinit.com/index.php/channel/1948/mastering-the-unseen-managing-shadow-ai-and-agentic-mcp-traffic/
06/16/2026

07:00 AM

06/16/2026

Transforming Data Risk into Actionable Priorities: What to Address First

https://www.truthinit.com/index.php/channel/1952/transforming-data-risk-into-actionable-priorities-what-to-address-first/