Attacking Active Directory - Kerberoasting
Conda

 Published On Apr 1, 2021

Kerberoasting is an extremely useful attack method to establish persistence, lateral movement, or privilege escalation in a Windows Active Directory environment. The attack relies on a user requesting a TGS for an account, typically a service account, that has a Service Principal Name (SPN) associated with it. Because the TGS is encrypted with the service account's NTLM password hash, an attacker could then use it to crack the hash offline.

This video uses GetUserSPNs.py from Impacket.
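For defenders, the TGS requests described above are logged on domain controllers as Security event 4769. The following detection sketch is an added example, not code from the video or from Impacket; the sample events are constructed, and the window and threshold values are assumptions to tune per environment.

```python
from collections import defaultdict

RC4_HMAC = 0x17  # ticket etype whose key is the account's NT hash

# Constructed sample of event 4769 records (times are seconds, field names follow the event data).
EVENTS = [
    {"TimeCreated": 1000, "TargetUserName": "alice@LAB.LOCAL", "ServiceName": "svc_sql", "TicketEncryptionType": "0x17"},
    {"TimeCreated": 1002, "TargetUserName": "alice@LAB.LOCAL", "ServiceName": "svc_web", "TicketEncryptionType": "0x17"},
    {"TimeCreated": 1005, "TargetUserName": "alice@LAB.LOCAL", "ServiceName": "svc_backup", "TicketEncryptionType": "0x17"},
    {"TimeCreated": 1010, "TargetUserName": "bob@LAB.LOCAL", "ServiceName": "svc_sql", "TicketEncryptionType": "0x12"},
    {"TimeCreated": 1020, "TargetUserName": "carol@LAB.LOCAL", "ServiceName": "svc_web", "TicketEncryptionType": "0x17"},
    {"TimeCreated": 1030, "TargetUserName": "dave@LAB.LOCAL", "ServiceName": "DC01$", "TicketEncryptionType": "0x17"},
    {"TimeCreated": 2000, "TargetUserName": "erin@LAB.LOCAL", "ServiceName": "svc_sql", "TicketEncryptionType": "0x17"},
    {"TimeCreated": 3000, "TargetUserName": "erin@LAB.LOCAL", "ServiceName": "svc_web", "TicketEncryptionType": "0x17"},
    {"TimeCreated": 4000, "TargetUserName": "erin@LAB.LOCAL", "ServiceName": "svc_backup", "TicketEncryptionType": "0x17"},
]


def suspicious_requesters(events, window=300, threshold=3):
    """Map each requester to the user-account services it requested RC4
    tickets for, when >= threshold distinct services fall within window seconds."""
    per_user = defaultdict(list)
    for e in events:
        svc = e["ServiceName"]
        if int(e["TicketEncryptionType"], 16) != RC4_HMAC:
            continue  # AES tickets are not keyed with the NT hash
        if svc.endswith("$") or svc.lower() == "krbtgt":
            continue  # machine accounts and krbtgt have random passwords
        per_user[e["TargetUserName"]].append((e["TimeCreated"], svc))

    hits = {}
    for user, reqs in per_user.items():
        reqs.sort()
        start = 0
        for end in range(len(reqs)):
            # Slide the window so it spans at most `window` seconds.
            while reqs[end][0] - reqs[start][0] > window:
                start += 1
            services = {s for _, s in reqs[start:end + 1]}
            if len(services) >= threshold:
                hits[user] = sorted(services | set(hits.get(user, [])))
    return hits


if __name__ == "__main__":
    for user, services in suspicious_requesters(EVENTS).items():
        print(f"{user}: RC4 tickets requested for {', '.join(services)}")
```

A single RC4 request can be legitimate legacy traffic, which is why the sketch keys on a burst of distinct services from one requester.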

Join my new Discord server: discord.gg/9CvTtHqWCX
Follow me on Twitter for updates: / 0xconda

If you found this video helpful and would like to support future creations, please consider visiting the following links:
Buy Me a Coffee: https://www.buymeacoffee.com/conda


Check out Impacket: https://github.com/SecureAuthCorp/imp...

00:00 What is Kerberoasting
05:06 Kerberoasting Setup in Lab
07:40 Kerberoasting Demo
12:21 Kerberoasting Mitigation
