Conclusion and Resources

We've gone through everything from the initial enumeration of Kerberos, dumping tickets, pass the ticket attacks, kerberoasting, AS-REP roasting, implanting skeleton keys, and golden/silver tickets. I encourage you to go out and do some more research on these different types of attacks and really find what makes them tick and find the multitude of different tools and frameworks out there designed for attacking Kerberos as well as active directory as a whole.

You should now have the basic knowledge to go into an engagement and be able to use Kerberos as an attack vector for both exploitations as well as privilege escalation.

Resources

• https://medium.com/@t0pazg3m/pass-the-ticket-ptt-attack-in-mimikatz-and-a-gotcha-96a5805e257a

• https://ired.team/offensive-security-experiments/active-directory-kerberos-abuse/as-rep-roasting-using-rubeus-and-hashcat

• https://posts.specterops.io/kerberoasting-revisited-d434351bd4d1

• https://www.harmj0y.net/blog/redteaming/not-a-security-boundary-breaking-forest-trusts/

• https://www.varonis.com/blog/kerberos-authentication-explained/

• https://www.blackhat.com/docs/us-14/materials/us-14-Duckwall-Abusing-Microsoft-Kerberos-Sorry-You-Guys-Don't-Get-It-wp.pdf

• https://www.sans.org/cyber-security-summit/archives/file/summit-archive-1493862736.pdf

• https://www.redsiege.com/wp-content/uploads/2020/04/20200430-kerb101.pdf