Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.


Kerberoasting and Domain Accounts

via Cybrary


Kerberos is another core technology found in enterprise Windows environments across the globe. At its heart, Kerberos enables secure communication between clients and services on a network. Unfortunately, there have been many vulnerabilities in certain versions of the protocol and misconfigurations make the problem worse. Kerberoasting is possible when either weak hashing algorithms are used in an organization’s Kerberos implementation, or when sufficiently motivated threat actors put enough computing horsepower behind cracking these hashes.

Active Directory and its associated domain accounts are a regular feature in any enterprise Windows environment. They are a core part of the IAM strategy at these organizations. In fact, a properly secured domain environment can go a long way to thwarting adversary actions. Imagine if one of these adversaries were able to get their hands on a few legitimate domain accounts. Their actions on objective suddenly look a lot like regular user traffic and their ability to accomplish multiple tactics expands dramatically.

Get the hands-on skills you need to detect and mitigate these types of attacks in Cybrary's MITRE ATT&CK Framework courses aligned to the tactics and techniques used by financially motivated threat group FIN7. Prevent adversaries from accomplishing the tactics of Credential Access, Defense Evasion, Persistence, Privilege Escalation, and Initial Access in your environment now.


  • Kerberoasting and Domain Accounts
    • What is Kerberoasting?
    • What is a Domain Account?
    • Detection, Validation, and Mitigation (Lab)

Taught by

Owen Dubiel and Matthew Mullins


Start your review of Kerberoasting and Domain Accounts

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.