A Toast to Kerberoast
Summary
This article describes a technique for remotely executing a Kerberoast attack through a Meterpreter session. The attack is designed to target an Internet-based Ubuntu 16.04 C2 server and facilitate password cracking.
IFF Assessment
FOE
The article details an offensive security technique (Kerberoast attack) used to compromise credentials, which is bad news for defenders.
Defender Context
The Kerberoast attack is a common technique used by attackers to extract service principal names (SPNs) and attempt to crack their associated password hashes. Defenders should be aware of this attack vector and implement measures to detect and prevent it, such as monitoring for suspicious Kerberos ticket requests and strengthening password policies for service accounts.