Courses
OffensiveIntermediate
Kerberos Attack Techniques
Exploit Kerberos authentication for AD domain compromise.
6 modules
19 lessons
38 practical tasks
About This Course
Master Kerberos authentication attacks in Active Directory environments from reconnaissance through domain compromise. Learn to identify attack opportunities through SPN and delegation enumeration, execute AS-REP Roasting and Kerberoasting for credential extraction, forge Golden and Silver Tickets for persistence, and exploit delegation mechanisms for privilege escalation.
What You'll Learn
- Analyze the Kerberos authentication protocol and identify security-relevant components including encryption types, ticket structures, and pre-authentication mechanisms
- Perform comprehensive Kerberos reconnaissance to enumerate SPNs, AS-REP Roastable accounts, and delegation configurations
- Execute AS-REP Roasting and Kerberoasting attacks to extract crackable credential material from domain accounts
- Forge Golden Tickets and Silver Tickets for domain persistence and targeted service access
- Exploit unconstrained, constrained, and resource-based constrained delegation for lateral movement and privilege escalation
- Implement advanced attack chains including Diamond Tickets and cross-domain trust abuse for comprehensive domain compromise
- Apply operational security techniques to reduce detection during Kerberos-focused security assessments
- Develop a structured Kerberos attack methodology for professional penetration testing engagements
Prerequisites
- Active Directory fundamentals
- Windows command-line proficiency
- Basic networking concepts