exploiting-kerberoasting-with-impacket

Installation
SKILL.md

Exploiting Kerberoasting with Impacket

Overview

Kerberoasting (MITRE ATT&CK T1558.003) is a credential access technique that targets Active Directory service accounts by requesting Kerberos TGS (Ticket Granting Service) tickets for accounts with Service Principal Names (SPNs). The TGS ticket is encrypted with the service account's NTLM hash (RC4 or AES), enabling offline brute-force cracking. Impacket's GetUserSPNs.py is the standard tool for Linux-based Kerberoasting attacks.

When to Use

  • When performing authorized security testing that involves exploiting kerberoasting with impacket
  • When analyzing malware samples or attack artifacts in a controlled environment
  • When conducting red team exercises or penetration testing engagements
  • When building detection capabilities based on offensive technique understanding

Prerequisites

Installs
59
GitHub Stars
24.2K
First Seen
Mar 15, 2026
exploiting-kerberoasting-with-impacket — mukul975/anthropic-cybersecurity-skills