Passing and Cracking the Hash

This chapter will focus on pass the hash attacks. After reading this chapter, the user will be able to define the characteristics of pass the hash attacks, identify what tools hackers use to pass the hash, and explain how to defend against this type of attack. We have three labs prepared for this chapter. The first lab will show how to get the hashed passwords and usernames using a RAT. The second lab will focus on passing the administrator's hashed password to a second device, gaining access and establishing a session. The third lab will demonstrate how to crack the administrator's hashed password with a tool called John the Ripper. We will also discuss the various authentication protocols, such as Kerberos and NT LAN Manager (NTLM). Towards the end of the chapter, we will go over defense techniques against pass the hash attacks. For the labs in this chapter, we recommend that you use a Kali Linux attack machine, a Windows 7 victim, and a Windows Server 2012 R2 victim. We want to stress the importance of not using this information for illegal activity. The tools we are demonstrating in this chapter are extremely powerful and should only be used in an ethical manner.
