Kerberoasting Scenario

SCENARIO INFORMATION

DESCRIPTION:

This scenario serves as a guide on how to:

– Abuse user-managed Windows service accounts that utilize weak passwords to compromise Active Directory environments.

– Use a technique known as Kerberoasting to crack passwords offline.

– Understand the techniques of performing security assessments to identify Active Directory misconfigurations during penetration testing engagements.

OBJECTIVES AND OUTCOME:

After completing this scenario, you will be able to:

– Understand how user-managed Windows service accounts that utilize weak passwords can be abused.

PRE-REQUISITES:

In order to get the full benefit from this scenario, it is suggested that you have competencies in the following areas:

– Windows domains.

RECOMMENDED READING:

It is suggested that you consult these recommended reading resources and pre-existing scenarios:

https://www.redsiege.com/wp-content/uploads/2019/12/kerb101.pdf

https://www.sans.org/cyber-security-summit/archives/file/summit-archive-1493862736.pdf

https://www.youtube.com/watch?v=HHJWfG9b0-E

https://www.harmj0y.net/blog/redteaming/kerberoasting-revisited/

AUTHOR:

This scenario was created by Simon Loizides.

MODE: SINGLEPLAYER

TYPE: CYBER CHALLENGE

DIFFICULTY: EASY

TIME: 4 HOURS
