Kerberoasting has become the red team’s best friend over the past several years, with various tools being built to support this technique. However, by failing to understand a fundamental detail concerning account encryption support, we haven’t understood the entire picture. This talk will revisit our favorite TTP, bringing a deeper understanding to how the attack works, what we’ve been missing, and what new tooling and approaches to kerberoasting exist.
Will Schroeder (@harmj0y) is an offensive engineer and red teamer for Specter Ops. He is a co-founder of GhostPack, Empire/Empyre, BloodHound, and the Veil-Framework, developed PowerView and PowerUp, is an active developer on the PowerSploit project, and is a Microsoft PowerShell MVP. He has spoken at a number of security conferences including ShmooCon, DerbyCon, Troopers, BlackHat, DEF CON, BlueHat Israel, and more on topics ranging from domain trust abuse to advanced offensive tradecraft.