This skill guides an agent through the process of performing a Kerberoasting attack within an Active Directory environment. It focuses on requesting Service Tickets (TGS) for accounts with Service Principal Names (SPNs), extracting the encrypted hashes, and cracking them offline to obtain plaintext passwords of high-privilege service accounts.
Use this skill during red-teaming engagements or authorized security assessments when you have compromised a standard domain user account and need to escalate privileges to a service account or Domain Admin.
impacket-GetUserSPNs and Rubeus for hash extraction, and hashcat for offline cracking.Suitable for security-focused agents operating in a Linux/Windows hybrid environment (e.g., Kali Linux), such as Claude Code or specialized red-team agents.
This skill has not been reviewed by our automated audit pipeline yet.