How does mimikatz's Pass-the-Hash differ from its Pass-the-Ticket approach?

Mimikatz's Pass-the-Hash (`sekurlsa::pth`) requires local administrator privileges because it injects into the `lsass.exe` process to overwrite credentials. In contrast, Pass-the-Ticket uses the external tool `kekeo` to request a TGT with just the user's NT hash, then imports that ticket via `kerberos::ptt`—all without admin rights. This makes Pass-the-Ticket a viable alternative when administrator privileges are unavailable. For more on related techniques, refer to Penetration Techniques - Pass the Hash with Remote Desktop (Restricted Admin Mode).