Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.

Global Accelerated Learning • Est. 1999
Glossary Term Kerberoasting

Training Camp • Cybersecurity Glossary

What is Kerberoasting?

Kerberoasting extracts Kerberos service tickets from Active Directory to crack service account passwords offline against weak credentials.

Glossary > Identity & Access Management > Kerberoasting

Understanding Kerberoasting

Kerberoasting is an Active Directory attack in which an authenticated adversary requests Kerberos service tickets for accounts with a registered Service Principal Name, then extracts and cracks the tickets offline to recover the service account's plaintext password. Because the tickets are encrypted with the service account's password hash, weak passwords are vulnerable to offline brute-force or dictionary attacks. Defenses include strong service account passwords, group managed service accounts, and monitoring for anomalous ticket requests.

Learn More About Kerberoasting:

Ready to Get Certified?

Turn knowledge into credentials with our instructor-led cybersecurity boot camps.

View All Courses →