0Pricing
Cryptology Academy · Lesson

Kerberos Attack Techniques: Kerberoasting and Golden Ticket

Study Kerberoasting, Pass-the-Ticket, and Golden/Silver Ticket attacks and their cryptographic basis.

Kerberoasting Explained

Kerberoasting is an attack where an attacker requests Kerberos service tickets for accounts registered with SPNs (service accounts), then extracts the encrypted portion of those tickets and cracks them offline. Any domain user can request service tickets for any SPN, requiring no special privileges to perform the initial extraction.

Why Service Account Passwords Are Weak

Service account passwords are set by administrators and rarely changed, sometimes persisting for years or indefinitely. Many organizations use weak, human-memorable passwords for service accounts rather than strong random strings. This makes Kerberoasting highly effective: offline cracking of a service ticket often succeeds within hours or days.

All lessons in this course

  1. Kerberos Architecture and Ticket Flow
  2. Active Directory and Kerberos Integration
  3. Kerberos Attack Techniques: Kerberoasting and Golden Ticket
  4. Modern Identity: SAML, OIDC, and Hybrid Approaches
← Back to Cryptology Academy