Kerberoasting and Domain Accounts

Kerberos enables secure network communication in Windows environments, while Domain Accounts are a core part of Identity and Access Management. Adversaries can attack both of these and move through an environment largely undetected. Start detecting this covert behavior and begin stopping it in its tracks today.

Course Content

Detection, Validation, and Mitigation (Lab)


Kerberoasting and Domain Accounts
What is a Domain Account?


Kerberoasting and Domain Accounts
What is Kerberoasting?


Kerberoasting and Domain Accounts
Course Description

Kerberos is another core technology found in enterprise Windows environments across the globe. At its heart, Kerberos enables secure communication between clients and services on a network. Unfortunately, there have been many vulnerabilities in certain versions of the protocol and misconfigurations make the problem worse. Kerberoasting is possible when either weak hashing algorithms are used in an organization’s Kerberos implementation, or when sufficiently motivated threat actors put enough computing horsepower behind cracking these hashes.

Active Directory and its associated domain accounts are a regular feature in any enterprise Windows environment. They are a core part of the IAM strategy at these organizations. In fact, a properly secured domain environment can go a long way to thwarting adversary actions. Imagine if one of these adversaries were able to get their hands on a few legitimate domain accounts. Their actions on objective suddenly look a lot like regular user traffic and their ability to accomplish multiple tactics expands dramatically.

Get the hands-on skills you need to detect and mitigate these types of attacks in Cybrary's MITRE ATT&CK Framework courses aligned to the tactics and techniques used by financially motivated threat group FIN7. Prevent adversaries from accomplishing the tactics of Credential Access, Defense Evasion, Persistence, Privilege Escalation, and Initial Access in your environment now.

This course is part of a Career Path:
No items found.

Instructed by

Master Instructor
Matthew Mullins

Matt has led multiple Red Team engagements, ranging from a few weeks to a year and covering multiple security domains. Outside of Red Teaming, Matt is also a seasoned penetration tester with interests in: AppSec, OSINT, Hardware, Wifi, Social Engineering, and Physical Security. Matt has a Master's degree in Information Assurance and an exhaustive number of certifications ranging from frameworks, management, and hands-on hacking. Matt is a Technical SME at Cybrary, focusing on Adversarial Emulation and Red Teaming for course content.

Owen Dubiel

Owen is certified in the GIAC GSEC, CompTIA CySA+, and various other vendor-related certifications. He works both as a technical security engineer and as an SME architect instructor in his spare time. Spreading the word of cyber security is a passion of his. Owen lives in Southeast Michigan with his beautiful wife, daughter, and his dog, Thor. In his free time, Owen enjoys watching sports and movies, and spending time with his family.

Cybrary Logo
Certification Body
Certificate of Completion

Complete this entire course to earn a Kerberoasting and Domain Accounts Certificate of Completion