Exam 312-50v13 Topic 1 Question 509 Discussion
Actual exam question for ECCouncil's 312-50v13 exam
Question #: 509
Topic #: 1
Question #: 509
Topic #: 1
A malicious user has acquired a Ticket Granting Service from the domain controller using a valid user's Ticket Granting Ticket in a Kerberoasting attack. He exhorted the TGS tickets from memory for offline cracking. But the attacker was stopped before he could complete his attack. The system administrator needs to investigate and remediate the potential breach. What should be the immediate step the system administrator takes?
Suggested Answer: D Vote an answer
A Kerberoasting attack is a technique that exploits the Kerberos authentication protocol to obtain the password hash of a service account that has a Service Principal Name (SPN). An attacker can request a service ticket (TGS) for the SPN using a valid user's ticket (TGT) and then attempt to crack the password hash offline. To prevent the attacker from using the TGS to access the service, the system administrator should invalidate the TGS as soon as possible. This can be done by changing the password of the service account, which will generate a new password hash and render the old TGS useless. Alternatively, the system administrator can use tools like Mimikatz to purge the TGS from the memory of the domain controller or the client system. Performing a system reboot, deleting the compromised user's account, or changing the NTLM password hash used to encrypt the ST are not effective ways to invalidate the TGS, as they do not affect the encryption of the TGS or the validity of the TGT. References:
EC-Council CEHv13 Courseware Module 11: Hacking Webservers, page 11-24
What is a Kerberoasting Attack? - CrowdStrike
How to Perform Kerberoasting Attacks: The Ultimate Guide - StationX
EC-Council CEHv13 Courseware Module 11: Hacking Webservers, page 11-24
What is a Kerberoasting Attack? - CrowdStrike
How to Perform Kerberoasting Attacks: The Ultimate Guide - StationX
by Enoch at Jul 01, 2026, 12:13 AM
0
0
0
10
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).