2 writeups tagged with Kerberoasting
FTP credentials from initial account. Targeted Kerberoasting via BloodHound paths, GenericWrite abuse, DCSync for Domain Admin hash.
SMB anonymous access to SYSVOL leaks GPP-encrypted password. Kerberoasting the Administrator SPN cracks the hash for full domain access.
