Dump account hashes using AS-REP roasting

Loads the Rubeus assembly into memory and executes an AS-REP roasting attack that exploits accounts with the option 'Do not require Kerberos preauthentication' set.
View Command

To view this TTPs command, you must be logged in with a professional or enterprise license.


Test this TTP

Download Operator (1.7.1)
Test this TTP using one of our Operator chains
Conti Collect and Exfiltrate


Automatically collect information and exfiltrate with rclone to a cloud service.
Conti (Discovery)


Perform the initial discovery and credential access techniques used in Conti ransomware playbook.