Active Directory Attacks: Kerberoasting, Pass-the-Hash and Golden Ticket

Learn the most common Active Directory attack techniques—Kerberoasting, Pass-the-Hash, Golden Ticket—and how to defend your Windows infrastructure.

Summary: A method for cracking passwords or encryption keys by systematically trying every possible combination. Online brute-force attacks target login forms, while offline brute-force attacks crack stolen hashes. Mitigation: MFA, account lockout, rate limiting, and strong passwords.

About the Author

Vincent Heinen
Head of Offensive Services

M.Sc. in IT Security with over 5 years of experience in offensive security analysis. Leads penetration testing engagements, specializing in web applications, network infrastructure, reverse engineering and hardware security. Responsible for several responsible disclosures.

OSCP+ OSCP OSWP OSWA
This article was last edited on 03/29/2026. Responsible: Vincent Heinen, Head of Offensive Services at AWARE7 GmbH. License: CC BY 4.0 - free use with attribution: "AWARE7 GmbH, https://a7.de"