Dump account hashes using AS-REP roasting

/static/assets/windows-logo.svg
Loads the Rubeus assembly into memory and executes an AS-REP roasting attack that exploits accounts with the option 'Do not require Kerberos preauthentication' set.
locked
View Command

To view this TTPs command, you must be logged in with a professional or enterprise license.

Login

Test this TTP

Download Operator (1.7.0)
Test this TTP using one of our Operator chains
Conti Collect and Exfiltrate

2022-02-08

/static/assets/windows-logo.svg
Automatically collect information and exfiltrate with rclone to a cloud service.
Conti (Discovery)

2021-09-21

/static/assets/windows-logo.svg
Perform the initial discovery and credential access techniques used in Conti ransomware playbook.