Kerberos-related attacks are among the favorite attack methodologies of penetration testers. These attacks can provide effective ways to escalate privileges, hide in plain sight, and retain persistence for long periods of time.

For those unfamiliar with the protocol: Kerberos, developed by MIT and employed by Microsoft’s Active Directory, defines how clients on an unsecured network authenticate themselves to various services. When a user wants to connect to a service, they must first authenticate to the Kerberos Key Distribution Center (KDC), which is integrated with the Active Directory domain controller and uses the KRBTGT service account to issue a ticket-granting ticket (TGT) to that user. The user then presents the TGT to the ticket-granting service (TGS). Once the TGS verifies the authentication chain, it issues the user a TGS ticket, which is then used to obtain access to the service.

In this 10-page guide you will get information on the following:

  • Kerberos Terminology and Definitions
  • Process Overview
  • Golden Tickets
  • Silver Tickets
  • Kerberoasting
  • AS-REP Roasting


Content provided by Andrew Kerley, Manager at LBMC.