October 28, 2020
Active Directory Attacks with Kerberoasting
Kerberoasting is now available in the SCYTHE Marketplace. Kerberoasting a method to steal encrypted Kerberos tickets from valid service accounts in Active Directory to then crack them and obtain the clear text password of service accounts. Originally discovered by Tim Medin of Red Siege, Kerberoasting is a subtechnique of Stealing Kerberos Tickets and tracked in MITRE ATT&CK as T1558.003. In this post, Tim Medin explains how Kerberoasting works during Unicon and also releases a Kerberoast module in the SCYTHE Marketplace to enable SCYTHE operators to seamlessly Kerberoast from within SCYTHE.