Kerberoasting Revisited

Presented at DerbyCon 9.0 Finish Line (2019), Sept. 7, 2019, 1:30 p.m. (30 minutes)

Kerberoasting has become the red team’s best friend over the past several years, with various tools being built to support this technique. However, by failing to understand a fundamental detail concerning account encryption support, we haven’t understood the entire picture. This talk will revisit our favorite TTP, bringing a deeper understanding to how the attack works, what we’ve been missing, and what new tooling and approaches to kerberoasting exist.

Presenters:

• Will Schroeder / @harmj0y   as Will Schroeder
  Will Schroeder (@harmj0y) is an offensive engineer and red teamer for Specter Ops. He is a co-founder of GhostPack, Empire/Empyre, BloodHound, and the Veil-Framework, developed PowerView and PowerUp, is an active developer on the PowerSploit project, and is a Microsoft PowerShell MVP. He has spoken at a number of security conferences including ShmooCon, DerbyCon, Troopers, BlackHat, DEF CON, BlueHat Israel, and more on topics ranging from domain trust abuse to advanced offensive tradecraft.

Links:

• https://infocon.org/cons/DerbyCon/DerbyCon 9 2019/Kerberoasting Revisited Will Schroeder.mp4
• https://www.youtube.com/watch?v=yrMGRhyoyGs