Kerberoasting

URI: https://gptkb.org/entity/Kerberoasting
GPTKB entity
Statements (28)
Predicate Object
gptkbp:instanceOf cybersecurity attack technique
gptkbp:affects Active Directory environments
gptkbp:category post-exploitation technique
lateral movement technique
gptkbp:countermeasures limit service account privileges
monitor for abnormal ticket requests
use strong service account passwords
gptkbp:detects SIEM monitoring
unusual service ticket requests
gptkbp:exploits service tickets
gptkbp:firstDescribed 2014
Tim Medin
gptkbp:goal obtain service account credentials
https://www.w3.org/2000/01/rdf-schema#label Kerberoasting
gptkbp:method extracting ticket hashes
offline brute-forcing of hashes
requesting service tickets for SPNs
gptkbp:relatedTo gptkb:Kerberos
gptkb:Active_Directory
hash cracking
gptkbp:riskFactor compromise of privileged accounts
gptkbp:target gptkb:Kerberos_authentication_protocol
gptkbp:usedIn penetration testing
gptkbp:uses gptkb:Impacket
gptkb:Rubeus
Invoke-Kerberoast
gptkbp:bfsParent gptkb:CrackMapExec
gptkbp:bfsLayer 7