Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.
Training Camp • Cybersecurity Glossary
Kerberoasting extracts Kerberos service tickets from Active Directory to crack service account passwords offline against weak credentials.
Kerberoasting Definition: Kerberoasting extracts Kerberos service tickets from Active Directory to crack service account passwords offline against weak credentials.
Kerberoasting is an Active Directory attack in which an authenticated adversary requests Kerberos service tickets for accounts with a registered Service Principal Name, then extracts and cracks the tickets offline to recover the service account's plaintext password. Because the tickets are encrypted with the service account's password hash, weak passwords are vulnerable to offline brute-force or dictionary attacks. Defenses include strong service account passwords, group managed service accounts, and monitoring for anomalous ticket requests.
Turn knowledge into credentials with our instructor-led cybersecurity boot camps.
View All Courses →