SECURITYBLEEPING COMPUTER
Why Changing Passwords Doesn’t End an Active Directory Breach
Resetting a password doesn't always remove attackers from Active Directory, as cached credentials and Kerberos tickets can keep them authenticated after a reset. This is explained by Specops Software. Attackers can remain in the system even after a password change.