Understanding Kerberoasting
HTML-код
- Опубликовано: 9 сен 2024
- Kerberoasting is the attack that keeps on giving for adversaries and penesters alike. First documented in 2014 by Tim Medin, Kerberoasting is a tactic that can be used after an initial compromise to gain access to alternate accounts in an Active Directory domain.
It typically involves an attacker issuing a series of LDAP queries to a Domain Controller in search of user accounts that possess a value known as a Service Principal Name (SPN).
If this value is set on an account, an attacker can request a service ticket (ST) for the identity, which is encrypted with the account’s NT hash. This service ticket can then be cracked offline by the attacker, which, if successful, will allow them to retrieve the cleartext password of the account.
