Kerberoasting

URI: https://gptkb.org/entity/Kerberoasting
GPTKB entity
Statements (28)
Predicate Object
gptkbp:instanceOf gptkb:cybersecurity_attack_technique
gptkbp:affects Active Directory environments
gptkbp:category post-exploitation technique
lateral movement technique
gptkbp:countermeasures limit service account privileges
monitor for abnormal ticket requests
use strong service account passwords
gptkbp:detects SIEM monitoring
unusual service ticket requests
gptkbp:exploits service tickets
gptkbp:firstDescribed 2014
Tim Medin
gptkbp:goal obtain service account credentials
gptkbp:method extracting ticket hashes
offline brute-forcing of hashes
requesting service tickets for SPNs
gptkbp:relatedTo gptkb:Kerberos
gptkb:Active_Directory
hash cracking
gptkbp:riskFactor compromise of privileged accounts
gptkbp:target gptkb:Kerberos_authentication_protocol
gptkbp:usedIn penetration testing
gptkbp:uses gptkb:Impacket
gptkb:Rubeus
Invoke-Kerberoast
gptkbp:bfsParent gptkb:CrackMapExec
gptkbp:bfsLayer 8
https://www.w3.org/2000/01/rdf-schema#label Kerberoasting