Ars Technica

Internet Explorer always using Kerberos authentication... even when unsupported.

Server: Fully-patched 2008 R2, running Certificate Services. The /certsrv virtual directory is using (I believe) default settings. Specifically, this means it's using Windows Authentication, with NTLM ...

Kerberoasting in 2025: How to protect your service accounts

Kerberoasting attacks let hackers steal service account passwords and escalate to domain admin, often without triggering ...
CSOonline

Don’t count on Kerberos to thwart pass-the-hash attacks

Several readers responded to my previous post on pass-the-hash attacks, asking if Kerberos authentication versus LANManager, NTLM, or NTLMv2 was an effective defense. It’s a good question, one that I ...
Dark Reading

Microsoft Azure-Based Kerberos Attacks Crack Open Cloud Accounts

Microsoft's Azure AD Kerberos service, a cloud-based identity and access management (IAM) service based on Kerberos authentication, can be attacked using techniques similar to those used by attackers ...
Dark Reading

Abusing Kerberos for Local Privilege Escalation

As the main authentication protocol for Windows enterprise networks, Kerberos has long been a favored hacking playground for security researchers and cybercriminals alike. While the focus has been on ...
SD Times

Altiscale announces updated, enterprise-class authentication security

Altiscale, Inc., the leading provider of Hadoop-as-a-Service, today announced that Kerberos authentication is now available in the Altiscale Data Cloud. Altiscale is the first and only ...
CSOonline

How to reset Kerberos account passwords in an Active Directory environment

A regular reset of the KRBTGT account password will help prevent golden ticket attacks that allow wide unauthorized access to your network. Most large enterprises regularly change their Kerberos ...