Kerberoasting Requests service tickets for SPNs Offline cracking of encrypted ticket Exploits static, long-lived service account passwords Compromise of privileged service accounts Lateral movement Persistent access Looks like normal auth traffic Hard to distinguish from real ticket requests Offline cracking… Read More "Stop Identity-Based Attacks with Deception"
