Skip to main content
SearchLoginLogin or Signup

Kerberoasting: Case Studies of an Attack on a Cryptographic Authentication Technology

Published onSep 09, 2022
Kerberoasting: Case Studies of an Attack on a Cryptographic Authentication Technology
key-enterThis Pub is a Version of
Kerberoasting: Case Studies of an Attack on a Cryptographic Authentication Technology
Description

Kerberoasting, an attack vector aimed at the Kerberos authentication protocol, can be used as part of an adversary’s attack arsenal. Kerberos is a type of network authentication protocol that allows a client and server to conduct a mutual verification before providing the requested resource to the client. A successful Kerberoasting attack allows an adversary to leverage the architectural limitations of Kerberos, providing access to user password hashes that can be subject to offline cracking. A cracked user password could give a bad actor the ability to maintain persistence, move laterally, or escalate privileges in a system. Persistence or movement within a system is indispensable to a bad actor. Adversaries may use Kerberoasting to achieve this persistence or movement as part of a more effective attack. These attacks can include ransomware, stealthy removal of data from a system, or building a back door for future access. It is, therefore, vital to understand how Kerberoasting works to detect attacks and mitigate future attempts. We examine cases in which Kerberoasting has played a role in an attack or was used as a tool in an adversary’s arsenal and review the outcomes. We then discuss known ways to detect and mitigate Kerberoasting attacks and analyze how this information can inform enterprise policy.

 

Comments
0
comment
No comments here
Why not start the discussion?