Pass the hash
Many users erroneously believe that hashed passwords stored in their internet browser cannot be used in attacks. In reality, however, attackers can use what are known as “hash dumping tools” which collect hashed passwords from a target (Windows) system. These can then be stored in the Local Authority Subsystem Service, which dupes the Windows system into thinking the attacker is an authenticated user.