Learn Active Directory Kerberoasting

Показать описание

🔥 YOUTUBE ALGORITHM ➡ Like, Comment, & Subscribe!

Рекомендации по теме

Комментарии

This guy is unstoppable, never misses a video, so damn consistent, ❤

syxdev

as a CRTE and CARTP holder, im glad to see alteredsec sponsoring the video. hopefully we'll see the certs appear on more job posting.

TehStoni

So by just getting a user on a domain you can get the TGT and TGS from the domain controller, cos it sees you as an authenticated user on the system..

phillydee

Mostly amazed by the absence of any huge walls of red text when powershell encounters some syntax error

brandn.

Thanks. I have done kerberoasting before but never understood what I was doing at this level. Super cool stuff.

rationalbushcraft

So this is why you've been asking twitter for the password? 😂

burekhacks

I still miss the honey badger video :(

nytr

It's amazing how a 22 minute video about kerberoasting only has about 2 minutes worth of kerberoasting

GebzNotJebz

So many of these attacks rely on already having domain admin or schema admin, or assume that the IT staff is hopelessly incompetent.

PullUps

Question. When you are enumerating the SPNs are the ones that are vulnerable the user must have access to correct? So if the HTTP SPN was vulnerable but the user did not have access to it they would not be able to get that TGS right?

christianbally

What windows server version did you use ?

NamikageJoel

@hammond
What OS do run on your baremetal ?

josephmensah

That's crazy - how does a typical AD setup prevent this? Is there some other system/service in place that prevents you obtaining hashes in the first place, or is it more so a matter of good password strength policies so that something like John can't crack the hashes as easily?

Smoth

It is a shame there's no easy way to snapshot an AD, no?

logiciananimal

You know, talking this fast, you're not really teaching anything as much as blowing through content that isn't digestible by people.

zzsql

I like you, but this one was a weak video. The whole scripting thing is way too much to "learn Active Directory Kerberoasting".

CRandJP

i mean .... yeah; with domain admin privileges anything is possible. So? Thats like saying "root bad! root evil!". Yes. Yes, it is. Very. Much more than you can imagine. So?

ololhxx

I actively despise AD and I don't even have a logical reason for it. just gut feeling.

BeWhoYouWant

Pretty useless information if you have a minimum requirement of at least 13 characters with good complexity , a good EDR installed

justethical

Every time I watch @johnhammond I just feel like an idiot, so unworthy 😞

scottspa

Learn Active Directory Kerberoasting

Learn Active Directory Kerberoasting

Attacking active directory | kerberoasting

How Kerberos Works

Attacking Active Directory - Kerberoasting

Kerberoasting Attack Demo

Kerberoasting Explained | Kerberos Authentication | Active Directory

Sec Tips #7: Attacking Active Directory - Kerberoasting

Kerberos vs. LDAP: What’s the Difference?

OSCP Guide to Kerberoasting - Active Directory

Hacking Active Directory for Beginners (over 5 hours of content!)

Attack Tutorial: How the Kerberoasting Attack Works

Understanding Kerberoasting

Top Active Directory Attacks: Understand, then Prevent and Detect

Threat Research - Active Directory Kerberos Attacks

Impacket GetUserSPNs & Kerberoasting Explained

SpecterOps Webinar Week Kerberoasting Revisted

Kerberoasting || Pass The Hash || Active Directory for OSCP

Windows Pentest Tutorial (Active Directory Game Over!)

Kerberos Simplified - CISSP Exam Prep

Active Directory Lab: Set Up and Test ASREPRoast and Kerberoasting Attacks Part 1

Attack Tutorial: How a Golden Ticket Attack Works

Kerberoasting Explained

Your Kerberoasting SIEM Rules Suck, and I Can Prove It!

Kerberoasting