Emulating and Detecting Kerberoasting | Red Canary

Learn why Kerberoasting is still such a popular attack vector, explore relevant data sources, and uncover visibility gaps by way of Atomic Red Team "Kerberoasting" was first identified by Tim Medin, CEO of ‪@RedSiege‬, nearly a decade ago, but Conti and other ransomware groups are reportedly leveraging it as part of their modern-day playbook. We explore why this post-exploitation technique is still so popular among adversaries, unpack relevant detection opportunities, and discuss how Atomic Red Team can help shore up your defenses. https://redcanary.com/blog/marshmallo... Kerberoasting (T1558.003)—a post-exploitation technique first identified nearly a decade ago—has reportedly been leveraged by the likes of Conti and Nobelium in recent months. As your security ally, Red Canary enables your team to focus on the highest priority security issues impacting your business. By removing your need to build and manage a threat detection operation, we help you focus on running your business securely and successfully. Our Managed Detection and Response delivers threat detection, hunting, and response—driven by human expert analysis and guidance—applied across your endpoints, cloud, and network security.