Very good video! It's much easier to understand kerberoasting with a practical example. Any chance you can make a video on how to compile windows kernel exploits using Visual Studio?
11:18 A question here, how can yo know that what etype you are searching for is the TGS-REP 23 and not lets say... the TGS-REP 18 that its at its side?
Hey! I was wondering if you could explain something to me please: Per MITRE ATTACK definition of kerberoasting: "Portions of these tickets may be encrypted with the RC4 algorithm, meaning the Kerberos 5 TGS-REP etype 23 hash of the service account associated with the SPN is used as the private key and is thus vulnerable to offline Brute Force attacks that may expose plaintext credentials." This will result in windows log eid 4769 with encryption type 0x17. Is this the only time that this is dangerous? Only if this type of encryption was used? Working on a SIEM alarm to detect potential malicious kerberoasting :)
is it really NTLM hash inside the service account? I think that RC4 etype encrpytion of that password is equal to NTLM Hash, but AES-128 or AES-256 is completely different. Hashcat would take a LOT of time to decrypt it if password is strong enough.
I understand it requires a compromised account (normal account will do), can we use other abuse technique that does not require one? A different vector somehow. Thanks.
![[Attack]tive Directory: Compromising a Network in 20 Minutes Through Active Directory](http://i.ytimg.com/vi/MIt-tIjMr08/mqdefault.jpg)
![Hunxho - Ball Forever [Official Video]](http://i.ytimg.com/vi/nki9ZTF9Uls/mqdefault.jpg)
CONDA is the best infosec RUclipsr of all time. Respect bro!!
Thanks so much!
I’ve been working on my GPEN cert and your content has been very helpful with tying everything together at the end of each section!
I like the way you explain things, very simple, clear, informative, organized and get to the point. thanks a loot!
Thank you!
Great on-point explanation of the attack 👏
Excellent video. A lot easier than the OSCP explanation.
Great video bro definitely enjoyed it the whole way through. I'm sure this video will get a bunch of traction now that AD is on the OSCP lmao
I appreciate it!
I'm literally watching this video prepping to take the new OSCP exam lol
Thank you , just started to watch your stuff and you do an amazing job of showing and explaining exactly how it works , thank you so much!
Thank you!
Very clear and concise video. Thank you Brandon,
Neat and Comprehensive presentation!
Great work man.
Thank you!
Yesss more AD. Love the content. Keep it up ❤️
Thanks! I appreciate it
Awesome mate, keep them coming!
Great video, much helper than OSCP 23' course materials, appreciate
Thank you for the valuable information much appreciated.
Thanks for the high quality content! I just subscribed.
Thank you!
I found this very informative. Thanks
Very good explanation! Subscribed
Thank you!
You are awesome mate! Gold videos. ❤️
Thank you! Really appreciate it
Perfect explanation
Thank you!
Dude, you make awesome videos
Thank you! I really appreciate the support
Well done! Thank you!
Great vid. Clearly presented. Thanks!
Very good video! It's much easier to understand kerberoasting with a practical example. Any chance you can make a video on how to compile windows kernel exploits using Visual Studio?
Great content
Lets goo!
Thanks a bunch for this
Best!!!
11:18 A question here, how can yo know that what etype you are searching for is the TGS-REP 23 and not lets say... the TGS-REP 18 that its at its side?
If hostname of the SPN "DC-1" is replaced with another hostname, does it affect the Kerberoasting operation here?
Thanks!
Thank you so much! Very kind of you!
can you go over more AD attacks, golden ticket, silver, dc sync, etc
Hey! I was wondering if you could explain something to me please:
Per MITRE ATTACK definition of kerberoasting: "Portions of these tickets may be encrypted with the RC4 algorithm, meaning the Kerberos 5 TGS-REP etype 23 hash of the service account associated with the SPN is used as the private key and is thus vulnerable to offline Brute Force attacks that may expose plaintext credentials."
This will result in windows log eid 4769 with encryption type 0x17.
Is this the only time that this is dangerous? Only if this type of encryption was used?
Working on a SIEM alarm to detect potential malicious kerberoasting :)
How come you used John account and not the new sql account you created?
is it really NTLM hash inside the service account? I think that RC4 etype encrpytion of that password is equal to NTLM Hash, but AES-128 or AES-256 is completely different. Hashcat would take a LOT of time to decrypt it if password is strong enough.
Subscribed :) :)
Does the tool execution leave some footprint on the server for detection?
I understand it requires a compromised account (normal account will do), can we use other abuse technique that does not require one? A different vector somehow. Thanks.
The most common way I've seen this vector detected is from SPN enumeration. If you made a request to list all SPNs, some EDR programs may catch it.
Bro Please help to create more video relate to AD attack, I knew that me and someone here will need that resource for OSCP fighting.
Thank you for your explaination, but this is a very little part of kerberoasting.
I'm taking a course right now that I paid for, but this was a far better explanation on how to exploit this vulnerability.....smh