How does a PtH attack occur?
1. An attacker gains a foothold on the network using tactics such as phishing, taking advantage of weak passwords, or by exploiting unpatched vulnerabilities.
2. Once comprise occurs and administrative right are obtained, an attacker may capture account credentials and use them to authenticate to other computers on the network in search of more privileged credentials.
3. If a domain administrator account is compromised during this process, the attacker is then able to access the domain controller - the central point of control for all computers, corporate identities and credentials – effectively giving them control and full access to all of the organization’s IT assets.