Extracting Service Account Passwords with Kerberoasting

Service Account Attack #2: Extracting Service Account Passwords In our first post, we explored how an attacker can perform reconnaissance to discover service accounts within an Active Directory (AD) domain. Now that we know how to find service accounts, let’s look at how an attacker can compromise those accounts and use them to exploit their privileges. In this post, we will explore one such method for doing that: Kerberoasting. This method is especially scary because it requires no elevated privileges … Continue reading Extracting Service Account Passwords with Kerberoasting