Attacking Active Directory – Kerberoasting

Kerberoasting is an extremely useful attack method for establishing persistence, moving laterally, or escalating privileges in a Windows Active Directory environment. The attack works by a user requesting a TGS for an account, typically a service account, that has a Service Principal Name (SPN) associated with it. Because the TGS is encrypted with the service account’s NTLM password hash, an attacker could then use it to crack the hash offline.

This video uses GetUserSPNs.py from Impacket.
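
A defender-side view of the exposure described above, as an added example that is not from the video or from Impacket: it takes a constructed LDAP-style export and lists the user accounts that carry an SPN, flagging RC4-HMAC support and password age. The function names, sample records and 365-day threshold are assumptions.

```python
from datetime import datetime

RC4_HMAC = 0x04  # msDS-SupportedEncryptionTypes bit for RC4-HMAC

# Constructed sample records shaped like an LDAP export; not real accounts.
SAMPLE_ACCOUNTS = [
    {"sAMAccountName": "svc_sql", "servicePrincipalName": ["MSSQLSvc/db01.lab.example:1433"],
     "msDS-SupportedEncryptionTypes": None, "pwdLastSet": "2019-03-01"},
    {"sAMAccountName": "svc_web", "servicePrincipalName": ["HTTP/web01.lab.example"],
     "msDS-SupportedEncryptionTypes": 0x18, "pwdLastSet": "2023-11-15"},
    {"sAMAccountName": "WEB01$", "servicePrincipalName": ["HOST/web01.lab.example"],
     "msDS-SupportedEncryptionTypes": 0x1C, "pwdLastSet": "2023-12-20"},
    {"sAMAccountName": "alice", "servicePrincipalName": [],
     "msDS-SupportedEncryptionTypes": None, "pwdLastSet": "2023-10-01"},
]

def rc4_capable(enc_types):
    """Unset or 0 is treated as RC4-capable (a conservative assumption)."""
    return not enc_types or bool(enc_types & RC4_HMAC)

def audit_spn_accounts(accounts, now, max_password_age_days=365):
    """Return user accounts with an SPN, most urgent first."""
    findings = []
    for acct in accounts:
        name = acct["sAMAccountName"]
        if not acct.get("servicePrincipalName"):
            continue  # no SPN, so no service ticket can be requested for it
        if name.endswith("$"):
            continue  # computer account: long random password, rotated automatically
        reasons = []
        if rc4_capable(acct.get("msDS-SupportedEncryptionTypes")):
            # An RC4-HMAC ticket is keyed with the account's NT hash.
            reasons.append("RC4-HMAC allowed")
        age = (now - datetime.strptime(acct["pwdLastSet"], "%Y-%m-%d")).days
        if age > max_password_age_days:
            reasons.append(f"password is {age} days old")
        findings.append({"account": name,
                         "spns": acct["servicePrincipalName"],
                         "reasons": reasons})
    # Every listed account is exposed; the reasons only rank urgency.
    return sorted(findings, key=lambda f: len(f["reasons"]), reverse=True)

if __name__ == "__main__":
    for f in audit_spn_accounts(SAMPLE_ACCOUNTS, now=datetime(2024, 1, 1)):
        print(f["account"], f["spns"], f["reasons"] or ["SPN on a user account"])
```
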

Join my new Discord server: discord.gg/9CvTtHqWCX
Follow me on Twitter for updates: https://twitter.com/0xConda

If you found this video helpful and would like to support future creations, please consider visiting the following links:
Patreon: https://www.patreon.com/conda
Buy Me a Coffee: https://www.buymeacoffee.com/conda
Amazon affiliate link (anything purchased through this link will provide me with a small commission): https://amzn.to/3hsHzD2

Check out Impacket: https://github.com/SecureAuthCorp/impacket

00:00 What is Kerberoasting
05:06 Kerberoasting Setup in Lab
07:40 Kerberoasting Demo
12:21 Kerberoasting Mitigation
