Compromised credentials are a key predatory weapon in the attackers arsenal, and this isn't changing in the foreseeable future. This talk will systematically explore why they can be prevented but never cut off completely, and how to leverage this knowledge in detection. In closing, we will pick apart IoCs focused on Pass-the-Hash (PtH), while detailing more efficient detection techniques focused on misused, donated, or otherwise compromised credentials.