Statements (28)
Predicate | Object |
---|---|
gptkbp:instanceOf |
cybersecurity attack technique
|
gptkbp:affects |
Active Directory environments
|
gptkbp:category |
post-exploitation technique
lateral movement technique |
gptkbp:countermeasures |
limit service account privileges
monitor for abnormal ticket requests use strong service account passwords |
gptkbp:detects |
SIEM monitoring
unusual service ticket requests |
gptkbp:exploits |
service tickets
|
gptkbp:firstDescribed |
2014
Tim Medin |
gptkbp:goal |
obtain service account credentials
|
https://www.w3.org/2000/01/rdf-schema#label |
Kerberoasting
|
gptkbp:method |
extracting ticket hashes
offline brute-forcing of hashes requesting service tickets for SPNs |
gptkbp:relatedTo |
gptkb:Kerberos
gptkb:Active_Directory hash cracking |
gptkbp:riskFactor |
compromise of privileged accounts
|
gptkbp:target |
gptkb:Kerberos_authentication_protocol
|
gptkbp:usedIn |
penetration testing
|
gptkbp:uses |
gptkb:Impacket
gptkb:Rubeus Invoke-Kerberoast |
gptkbp:bfsParent |
gptkb:CrackMapExec
|
gptkbp:bfsLayer |
7
|