AS-REP Roasting
AS-REP Roasting is a cyber attack that exploits a weakness in the Kerberos authentication protocol, which is used in many IT systems to authenticate users. Essentially, the attack involves requesting a Kerberos Authentication Service (AS) ticket for a non-existent user account, which the Kerberos server will grant. The attacker then uses a tool to extract the encrypted ticket and “roasts” it, meaning they use powerful computing resources to try to guess the password that was used to encrypt the ticket.
If successful, the attacker can then use the plaintext password to access the target system or network as the user whose ticket was roased. This attack can be particularly effective against environments that have weak passwords or do not have strict password policies in place. It can also be used by attackers to move laterally within a network, gaining access to more sensitive systems or information.
To protect against AS-REP Roasting, it is important to implement strong password policies, such as requiring complex passwords and regularly resetting them. Additionally, enabling Kerberos pre-authentication can help prevent the attack by requiring users to authenticate themselves using their passwords before obtaining an AS ticket.