Red Teaming/Active Directory

Kerberoasting 101

Extracting Service Account Credentials via SPN tickets.

Overview

Kerberoasting is a post-exploitation technique that allows an attacker to request a Kerberos service ticket (TGS) for any service principal name (SPN) in the domain. The vulnerability lies in the fact that any authenticated user can request these tickets.

Attack Execution

1. Enumerate SPNs:

powershell

Rubeus.exe kerberoast /stats

2. Request & Roast:

powershell

Rubeus.exe kerberoast /format:hashcat /outfile:hashes.txt

Mitigation

Ensure service accounts have complex, long passwords (25+ characters) to make offline cracking infeasible.

Continue Learning

AS-REP Roasting

Learn the next step in Active Directory attacks: targeting users without Kerberos pre-authentication enabled.

Golden Ticket Attack

Master the ultimate persistence technique by forging Kerberos Ticket Granting Tickets (TGTs).

Join Us. Cut Costs.
Focus on What Matters.

Unlock high-impact penetration testing that drives real security gains. Led by experts, tailored for results, and designed to stay budget-friendly.

Submit Info

Share your environment, scope, or compliance needs via our quick form.

Senior Review

A lead RadiumFox engineer reviews and tailors your assessment—no junior handoffs.

Optional Scoping Call

We'll clarify priorities and technical details if needed.

Clear Quote

Expect a fixed-cost proposal—no hidden fees or fluff.

Fast Kickoff

Once approved, most projects launch within 5–7 business days with full support.