0Pricing
Cyber Security Academy · Lesson

Kerberoasting and AS-REP Roasting

Request Kerberos service tickets and crack them offline with Hashcat.

Kerberos Ticket Encryption

Service tickets are encrypted with the service account's password hash. Any domain user can request a service ticket for any SPN. If the service account has a weak password, the ticket can be cracked offline.

What is Kerberoasting?

Kerberoasting requests service tickets for accounts with Service Principal Names (SPNs), extracts the encrypted ticket, and cracks it offline with Hashcat. No elevated privileges required — any domain user can do this.

# Steps:
# 1. Find accounts with SPNs
# 2. Request their service tickets
# 3. Extract ticket hashes
# 4. Crack with Hashcat

All lessons in this course

  1. Windows Authentication: NTLM and Kerberos
  2. Pass-the-Hash and Pass-the-Ticket Attacks
  3. Kerberoasting and AS-REP Roasting
  4. Active Directory Hardening
← Back to Cyber Security Academy