Kerberoasting is a type of attack that targets Active Directory service account credentials for offline password cracking. The attacker requests service tickets and then cracks the service account's credentials offline to gain access to the account. The classic Kerberoasting method is covered by the Kerberoasting IOA. As mentioned in the name of the indicator, there is another way to perform a Kerberoasting attack: a stealthy approach that could bypass a lot of detections. Advanced attackers may favor this method in the hope of remaining invisible to most detection heuristics.
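One way to hunt for this variant in domain controller logs, as an added example that is not part of the original page or the vendor's detection logic. It assumes that a service ticket issued by the AS exchange is logged as Security Event ID 4768 with a `ServiceName` other than `krbtgt`; the function name, the allowlist and the sample events are constructed for illustration.

```python
# Added example: flag Event ID 4768 records whose ticket is for a service
# rather than krbtgt. Every event value below is constructed.

# First component of the service names normally issued by the AS exchange.
# Starting point only (assumption): tune it for your environment.
EXPECTED_AS_SERVICES = {"krbtgt", "kadmin"}

ETYPES = {"0x11": "AES128", "0x12": "AES256", "0x17": "RC4-HMAC"}


def flag_as_requested_service_tickets(events):
    """Return one finding per successful 4768 event that issued a service ticket."""
    findings = []
    for ev in events:
        if ev.get("EventID") != 4768 or ev.get("Status") != "0x0":
            continue  # only successful AS exchanges issue a ticket
        service = ev.get("ServiceName", "")
        if service.split("/")[0].lower() in EXPECTED_AS_SERVICES:
            continue  # ordinary TGT or password-change request
        findings.append({
            "service": service,
            "requested_as": ev.get("TargetUserName"),
            "source": ev.get("IpAddress"),
            # PreAuthType 0 means the ticket was issued without pre-authentication
            "no_preauth": ev.get("PreAuthType") == "0",
            "etype": ETYPES.get(ev.get("TicketEncryptionType"), "other"),
        })
    return findings


# Constructed sample events, already parsed into dictionaries.
SAMPLE_EVENTS = [
    {"EventID": 4768, "Status": "0x0", "TargetUserName": "alice",
     "ServiceName": "krbtgt", "PreAuthType": "2",
     "TicketEncryptionType": "0x12", "IpAddress": "::ffff:10.0.0.21"},
    {"EventID": 4768, "Status": "0x0", "TargetUserName": "bob",
     "ServiceName": "krbtgt/EXAMPLE.LOCAL", "PreAuthType": "2",
     "TicketEncryptionType": "0x12", "IpAddress": "::ffff:10.0.0.22"},
    {"EventID": 4768, "Status": "0x0", "TargetUserName": "legacy-app",
     "ServiceName": "svc-sql", "PreAuthType": "0",
     "TicketEncryptionType": "0x17", "IpAddress": "::ffff:10.0.0.50"},
    # Classic TGS request (4769): out of scope here, handled by other detections.
    {"EventID": 4769, "Status": "0x0", "TargetUserName": "alice@EXAMPLE.LOCAL",
     "ServiceName": "svc-sql", "TicketEncryptionType": "0x12",
     "IpAddress": "::ffff:10.0.0.21"},
]

if __name__ == "__main__":
    for finding in flag_as_requested_service_tickets(SAMPLE_EVENTS):
        print(finding)
```

Detections that only watch service ticket requests (Event ID 4769) never see the third sample event, which is why the AS exchange needs its own rule.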
New Attack Paths? AS Requested Service Tickets
CISA - Security Tip (ST04-002) - Choosing and Protecting Passwords