No video
Your Kerberoasting SIEM Rules Suck, and I Can Prove It!
Рет қаралды 857
Күн бұрынIn this video, I will explore Kerberoasting. I will use Invoke-Kerberoast from Empire, Rubeus, and GetUserSpns.py from Impacket to Kerberoast in three different ways. I will then show why most SIEM rules for this attack don't work or are incomplete. I will also show how to prevent this attack with Group Policy and, for fun, crack the SPN hash with hashcat.
Rubeus: github.com/Gho...
Invoke-Kerberoast: github.com/Emp...
Impacket Tools: github.com/Sec...
Hashcat: hashcat.net/ha...
~-~~-~~~-~~-~
Please watch: "Red Team Tips February 1st: OPSEC Safe Active Directory Enumeration with SilentHound "
• Red Team Tips February...
~-~~-~~~-~~-~
@shayarand 2 жыл бұрын
Love your material!
@CyberAttackDefense 2 жыл бұрын
Keep on watching! If you have content suggestions please let me know.
@readypubggo5650 11 ай бұрын
Thanks for the content sir... ❤
@CyberAttackDefense 11 ай бұрын
Welcome!
@HAMETE Жыл бұрын
great video. Keep it up!
@CyberAttackDefense Жыл бұрын
Thanks! Tell your friends
@p4ul.e970 Жыл бұрын
what other ticket options are there? I can't find another, and sometimes it only says that those 3 are the most common
@CyberAttackDefense Жыл бұрын
Microsoft didn't define this. In some environments you will have to cut out 0x40810000 due to noise. Best defense is to move to AES then you would only see 0x11 or 0x12.
@p4ul.e970 Жыл бұрын
@@CyberAttackDefense i know, first week working as intern in a SOC, so as a challenge they told us to make a report of this for the clients that use weak encryption. So i've been 3 days researching about if it's possible to make a correlation rule based on behaviour, and it's really hard
Friendeez
Рет қаралды 20 МЛН
Cyber Attack & Defense
Рет қаралды 1,6 М.