Kerberoasting has become the red team?s best friend over the past several years, with various tools being built to support this technique. However, by failing to understand a fundamental detail concerning account encryption support, we haven?t understood the entire picture. This talk will revisit our favorite TTP, bringing a deeper understanding to how the attack works, what we?ve been missing, and what new tooling and approaches to kerberoasting exist.

Will Schroeder (@harmj0y) is an offensive engineer and red teamer for Specter Ops. He is a co-founder of GhostPack, Empire/Empyre, BloodHound, and the Veil-Framework, developed PowerView and PowerUp, is an active developer on the PowerSploit project, and is a Microsoft PowerShell MVP. He has spoken at a number of security conferences including ShmooCon, DerbyCon, Troopers, BlackHat, DEF CON, BlueHat Israel, and more on topics ranging from domain trust abuse to advanced offensive tradecraft.

@harmj0y

Back to Derbycon 2019 video list