A pass-the-hash attack utilizes what type of credentials to impersonate a user?

A pass-the-hash attack uses hashed credentials to impersonate a user. It exploits the way many systems handle password authentication: an attacker can present the hash of a password, rather than the password itself, to gain unauthorized access.

When a user logs in, their password is typically run through a hashing algorithm, which transforms it into a fixed-size string of characters that does not directly reveal the original password. In a pass-the-hash attack, the attacker captures this hash (often from memory or through other means) and then uses it directly to authenticate as the user, bypassing the need to recover the original password.

This method takes advantage of the fact that many systems require only the hash, not the original password, for authentication, so an attacker can impersonate a user without knowing their plaintext password. Hashed credentials are therefore the key element of the pass-the-hash method, which is why they are the correct answer.
