Kerberoasting for developers: why your Active Directory is probably misconfigured
The article discusses the security risks associated with Kerberoasting in Active Directory environments, particularly for developers. It highlights common misconfigurations that can lead to vulnerabilities, such as using domain admin accounts for applications and failing to rotate service account passwords. The author aims to educate developers on these issues to improve security practices within organizations.
- ▪Kerberoasting involves requesting TGS tickets for service accounts and cracking them offline to obtain plaintext passwords.
- ▪Any authenticated domain user can request a TGS for any SPN in the domain, making it a significant security risk.
- ▪Common misconfigurations include running applications as domain admin accounts and not enforcing password rotation for service accounts.
Opening excerpt (first ~120 words) tap to expand
try { if(localStorage) { let currentUser = localStorage.getItem('current_user'); if (currentUser) { currentUser = JSON.parse(currentUser); if (currentUser.id === 3944946) { document.getElementById('article-show-container').classList.add('current-user-is-article-author'); } } } } catch (e) { console.error(e); } Ayi NEDJIMI Posted on May 22 Kerberoasting for developers: why your Active Directory is probably misconfigured #security #activedirectory #devops #career If you are a developer who has ever been handed credentials to run a service on a Windows domain, you have probably contributed to a security problem you did not know existed. I am not saying this to be condescending — I did not understand Kerberoasting until I started doing Active Directory security reviews professionally.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at DEV.to (Top).
Discussion
0 commentsMore from DEV.to (Top)
