Kerberoasting Scenario

SCENARIO INFORMATION

DESCRIPTION:

This scenario serves as a guide on how to:

– Abuse user-managed Windows service accounts that use weak passwords in order to compromise Active Directory environments.

– Use a technique known as Kerberoasting to crack passwords offline.

– Understand the techniques of performing security assessments to identify Active Directory misconfigurations during penetration testing engagements.

OBJECTIVES AND OUTCOME:

After completing this scenario, you will be able to:

– Understand how user-managed Windows service accounts that use weak passwords can be abused.

PRE-REQUISITES:

To get the full benefit from this scenario, it is suggested that you have competencies in the following areas:

– Windows domains.

RECOMMENDED READING:

It is suggested that you consult these recommended reading resources and pre-existing scenarios:

https://www.redsiege.com/wp-content/uploads/2019/12/kerb101.pdf

https://www.sans.org/cyber-security-summit/archives/file/summit-archive-1493862736.pdf

https://www.youtube.com/watch?v=HHJWfG9b0-E

https://www.harmj0y.net/blog/redteaming/kerberoasting-revisited/

AUTHOR:

This scenario was created by Simon Loizides.

MODE: SINGLEPLAYER

TYPE: CYBER CHALLENGE

DIFFICULTY: EASY

TIME: 4 HOURS

COST: 220 GEMS
