T1558.003: Steal or Forge Kerberos Tickets: Kerberoasting - MITRE ATT&CK
Kerberoasting is an attack technique used to steal service account credentials in Active Directory environments. An attacker requests service tickets (TGS) associated with Service Principal Names (SPNs) and then extracts these tickets, which are encrypted with the service account's hash. The attacker can then attempt to crack the ticket offline to obtain the service account's password. This technique targets credential access and can lead to privilege escalation if the compromised account has elevated rights.
3 окт 2024