Glossary

AS-REP Roasting, defined.

An Active Directory attack against accounts with Kerberos preauthentication disabled — letting an attacker harvest crackable AS-REP responses for any such account.


What is AS-REP Roasting?

Accounts with the DONT_REQ_PREAUTH userAccountControl (UAC) flag set (often legacy service accounts) answer a Kerberos AS-REQ without any proof of the password. The AS-REP that comes back contains a portion encrypted with a key derived from the user's password hash, so anyone who can reach a domain controller can request it for those accounts and crack it offline. Tools like Rubeus automate the harvesting.
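The defender's side of this, as an added example rather than anything from the glossary itself: decode the userAccountControl bits to find which accounts are exposed (separating disabled ones, which cannot yield a usable credential), carry the LDAP filter an admin would run for the same check, and flag 4768 TGT-request events whose Pre-Authentication Type is 0. All directory records and event records below are constructed samples.

```python
# Audit helpers for AS-REP roasting exposure. userAccountControl bit values are
# the documented AD flags; the sample users and 4768 events are constructed.

ACCOUNTDISABLE = 0x0002
NORMAL_ACCOUNT = 0x0200
DONT_EXPIRE_PASSWORD = 0x10000
DONT_REQ_PREAUTH = 0x400000  # 4194304 decimal

UAC_FLAGS = {
    "ACCOUNTDISABLE": ACCOUNTDISABLE,
    "NORMAL_ACCOUNT": NORMAL_ACCOUNT,
    "DONT_EXPIRE_PASSWORD": DONT_EXPIRE_PASSWORD,
    "DONT_REQ_PREAUTH": DONT_REQ_PREAUTH,
}

# LDAP filter using the bitwise-AND matching rule; equivalent to the check below
# when run against the directory directly.
LDAP_FILTER = "(&(objectCategory=person)(userAccountControl:1.2.840.113556.1.4.803:=4194304))"

# Constructed sample directory entries (not real accounts).
SAMPLE_USERS = [
    {"sAMAccountName": "alice", "userAccountControl": NORMAL_ACCOUNT},
    {"sAMAccountName": "svc-legacy",
     "userAccountControl": NORMAL_ACCOUNT | DONT_EXPIRE_PASSWORD | DONT_REQ_PREAUTH},
    {"sAMAccountName": "svc-backup", "userAccountControl": NORMAL_ACCOUNT | DONT_REQ_PREAUTH},
    {"sAMAccountName": "svc-old-disabled",
     "userAccountControl": NORMAL_ACCOUNT | ACCOUNTDISABLE | DONT_REQ_PREAUTH},
]

# Constructed sample of Security log 4768 events; PreAuthType 0 means the DC
# issued the TGT without pre-authentication.
SAMPLE_4768 = [
    {"EventID": 4768, "TargetUserName": "alice", "PreAuthType": 2},
    {"EventID": 4768, "TargetUserName": "svc-legacy", "PreAuthType": 0},
    {"EventID": 4769, "TargetUserName": "svc-legacy", "PreAuthType": 0},
]


def decode_uac(value):
    """Return the set of flag names set in a userAccountControl value."""
    return {name for name, bit in UAC_FLAGS.items() if value & bit}


def asrep_exposure(users):
    """Split pre-auth-disabled accounts into (enabled, disabled) name lists."""
    exposed, disabled = [], []
    for user in users:
        uac = int(user["userAccountControl"])
        if uac & DONT_REQ_PREAUTH:
            (disabled if uac & ACCOUNTDISABLE else exposed).append(user["sAMAccountName"])
    return sorted(exposed), sorted(disabled)


def tgt_requests_without_preauth(events):
    """Names from 4768 events issued with Pre-Authentication Type 0."""
    return sorted({e["TargetUserName"] for e in events
                   if e["EventID"] == 4768 and e["PreAuthType"] == 0})
```

Enabled names returned by asrep_exposure are the ones to fix (clear the flag or retire the account); the event check is what a SIEM rule would run continuously.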

Where this shows up.

See our web application penetration testing, API security testing, network penetration testing, and cloud security audit services for how we test for and defend against this class of issue.
