Pass-the-Hash Lab

If you haven't seen how a PtH attack works first hand, I highly recommend this lab. It walks through using mimikatz to use an NTLM hash to authenticate to a domain controller, then uses the PtH mitigations in Server 2016 like credential guard to defend.

https://blogs.technet.microsoft.com/datacentersecurity/2017/05/15/credential-guard-lab-companion/