Read more: www.microsoft.com
Kerberoasting is an Active Directory (AD) attack against the Kerberos authentication protocol that is used to recover service-account passwords. Any authenticated domain user can request a service ticket (TGS) for any account that has a service principal name (SPN); part of that ticket is encrypted with a key derived from the service account's password, so the attacker takes the ticket offline and tests password guesses against it with no further contact with the domain controller and no lockout risk. Accounts with weak or guessable passwords, and accounts that still accept the RC4 encryption type, are the most exposed: an RC4 ticket is keyed directly with the account's NT hash (an unsalted MD4 of the password), which is far cheaper to test than the salted, iterated key derivation used for AES tickets. Microsoft recommends running services under group Managed Service Accounts (gMSA) or delegated Managed Service Accounts (dMSA), whose long random passwords are rotated automatically; enforcing AES encryption on service accounts so that RC4 tickets are no longer issued for them; and employing multi-factor authentication (MFA) as a further control against this attack vector.
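The two checks a practitioner would want from the summary above are an audit of which SPN-bearing accounts can still be issued RC4 tickets (and are not managed service accounts), and a scan of Security event 4769 for the bulk pattern of one requester pulling RC4-encrypted service tickets for many services. The script below is an added example, not code from Microsoft or from the original page; the account records and 4769 lines are constructed, the flattened key=value log format is an assumption, and treating an unset msDS-SupportedEncryptionTypes as RC4-capable reflects the legacy DC default, which you should confirm for your own forest.

```python
"""Audit and detection helpers for Kerberoasting exposure (added example;
the directory records and event lines below are constructed, not real data)."""
import re
from collections import defaultdict

# msDS-SupportedEncryptionTypes bit flags (documented in MS-KILE 2.2.7).
DES_CRC, DES_MD5, RC4, AES128, AES256 = 0x01, 0x02, 0x04, 0x08, 0x10
ENC_NAMES = {DES_CRC: "DES-CBC-CRC", DES_MD5: "DES-CBC-MD5", RC4: "RC4-HMAC",
             AES128: "AES128-CTS-HMAC-SHA1-96", AES256: "AES256-CTS-HMAC-SHA1-96"}
AES_ONLY = AES128 | AES256  # 0x18: the value "enforce AES" sets on an account

# Ticket Encryption Type codes as logged in Security event 4769 that an
# attacker can crack cheaply offline.
WEAK_TICKET_ETYPES = {0x01: "DES-CBC-CRC", 0x03: "DES-CBC-MD5",
                      0x17: "RC4-HMAC", 0x18: "RC4-HMAC-EXP"}


def decode_supported_etypes(value):
    """Names of the ciphers an account advertises; None/0 means the attribute
    is unset and the DC-level default applies."""
    if not value:
        return ["<unset: DC default>"]
    return [name for bit, name in ENC_NAMES.items() if value & bit]


def accepts_rc4(value):
    """True when RC4 tickets can still be issued for the account: the RC4 bit
    is set, or the attribute is unset (assumed RC4-capable, legacy default)."""
    return not value or bool(value & RC4)


def audit_service_accounts(accounts):
    """accounts: dicts with sAMAccountName, objectClass, servicePrincipalName
    and msDS-SupportedEncryptionTypes.  Returns {sam: [findings]} for the
    SPN-bearing accounts that still need hardening."""
    findings = defaultdict(list)
    for a in accounts:
        if not a.get("servicePrincipalName"):
            continue  # no SPN: no service ticket can be requested for it
        sam = a["sAMAccountName"]
        if a.get("objectClass") == "user":
            findings[sam].append("human-managed password; migrate to gMSA/dMSA")
        if accepts_rc4(a.get("msDS-SupportedEncryptionTypes")):
            findings[sam].append("RC4 tickets allowed; set msDS-SupportedEncryptionTypes=0x18")
    return dict(findings)


# Assumed flattened form of a 4769 event, one per line.
EVENT_RE = re.compile(
    r"4769 Account=(?P<account>\S+) Service=(?P<service>\S+) "
    r"EType=0x(?P<etype>[0-9a-fA-F]+) Client=(?P<client>\S+)")


def parse_4769(lines):
    events = []
    for line in lines:
        m = EVENT_RE.search(line)
        if m:
            d = m.groupdict()
            d["etype"] = int(d["etype"], 16)
            events.append(d)
    return events


def detect_kerberoasting(events, min_services=3):
    """Flag requesters that obtained weak-cipher tickets for several distinct
    user service accounts.  Computer accounts (trailing $) and krbtgt are
    skipped: their passwords are long and random, so those tickets are not
    crackable in practice.  Returns {account: sorted services}."""
    weak = defaultdict(set)
    for e in events:
        svc = e["service"]
        if e["etype"] in WEAK_TICKET_ETYPES and not svc.endswith("$") and svc != "krbtgt":
            weak[e["account"]].add(svc)
    return {acct: sorted(s) for acct, s in weak.items() if len(s) >= min_services}


# Constructed sample data.
SAMPLE_ACCOUNTS = [
    {"sAMAccountName": "svc_sql", "objectClass": "user",
     "servicePrincipalName": ["MSSQLSvc/sql01.corp.example:1433"],
     "msDS-SupportedEncryptionTypes": None},                    # attribute unset
    {"sAMAccountName": "svc_web", "objectClass": "user",
     "servicePrincipalName": ["HTTP/web01.corp.example"],
     "msDS-SupportedEncryptionTypes": RC4 | AES128 | AES256},   # 0x1c, RC4 still on
    {"sAMAccountName": "gmsa_iis$", "objectClass": "msDS-GroupManagedServiceAccount",
     "servicePrincipalName": ["HTTP/app01.corp.example"],
     "msDS-SupportedEncryptionTypes": AES_ONLY},
    {"sAMAccountName": "alice", "objectClass": "user",
     "servicePrincipalName": [], "msDS-SupportedEncryptionTypes": None},
]
SAMPLE_4769 = [
    "4769 Account=alice@CORP.EXAMPLE Service=svc_sql EType=0x17 Client=10.0.0.5",
    "4769 Account=alice@CORP.EXAMPLE Service=svc_web EType=0x17 Client=10.0.0.5",
    "4769 Account=alice@CORP.EXAMPLE Service=svc_backup EType=0x17 Client=10.0.0.5",
    "4769 Account=alice@CORP.EXAMPLE Service=sql01$ EType=0x17 Client=10.0.0.5",
    "4769 Account=bob@CORP.EXAMPLE Service=svc_sql EType=0x12 Client=10.0.0.9",
]

if __name__ == "__main__":
    print("accounts to harden:", audit_service_accounts(SAMPLE_ACCOUNTS))
    print("suspected roasting:", detect_kerberoasting(parse_4769(SAMPLE_4769)))
```

In a real deployment the account records come from an LDAP query for objects with a populated servicePrincipalName, and the 4769 events from the domain controllers' Security logs; the detection threshold is deliberately low in the sample, and in production it should be tuned against the normal volume of RC4 tickets your legacy services still generate.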