Contact us: info@akimbocore.com

Kerberoasting

Published: 19 October 2020    Last Updated: 03 July 2023

Any domain user within Active Directory can request a service ticket (TGS) for any service that has an SPN (Service Principal Name). A part of the service ticket will be encrypted with the NTLM hash of the target user, allowing for an offline bruteforce attack.

This is true for user accounts and computer accounts, but computer account passwords are randomised by default and rotated frequently (every 30 days). However service user accounts may have weak passwords set which could be cracked. This attack is commonly called Kerberoasting. Although, don’t confuse this attack with the similarly named ASREP Roasting. A common setup where you might find this vulnerability is where a service account has been set up for Microsoft SQL Server.


Continue Reading

Categories

Fixing

Guidance on remediating vulnerabilities.

Infrastructure

Articles concentrating on network and operating system level attacks.

Web Application

Articles covering attacks against web applications and their associated APIS.

Breaches

Articles concentrating on past data breaches, looking for lessons learned.

Wireless

Articles covering breaking into wireless networks and how to keep them safe.

Building

Articles about building secure systems.

Cheat Sheets

Cheat sheets containing common commands or payloads for common vulnerabilities.

Copyright © 2021 Akimbo Core Ltd

Company Number: 13143302

Build: 6-11