Glossary

KERBEROASTING
defined.

An Active Directory attack where an authenticated user requests Kerberos service tickets for accounts with SPNs, then cracks the ticket offline to recover the service account password.

A–Z

What is Kerberoasting?

Any domain user can request service tickets, and the ticket is encrypted with the service account’s password hash. Weak passwords for service accounts — common in legacy environments — mean offline cracking is fast. Defence: long, random service account passwords (gMSA preferred) and detection on TGS-REQ anomalies.

Related terms.

AS-REP Roasting
Pass the Hash
Pass the Ticket
DCSync Attack

Where this shows up.

See our web application penetration testing, API security testing, network penetration testing, and cloud security audit services for how we test for and defend against this class of issue.

Test for this in your stack

BOOK A FREE
scoping call.

30-minute call with an OSCP-certified engineer. Tailored proposal in 24 hours.

Book Free Scoping Call →All Services

KERBEROASTINGdefined.

What is Kerberoasting?

Related terms.

Where this shows up.

BOOK A FREEscoping call.

KERBEROASTING
defined.

BOOK A FREE
scoping call.