Kerberoasting

Portions of Kerberos tickets may be encrypted using the password hash of the target service, and is thus vulnerable to offline Brute Force attacks that may expose plaintext credentials.

By Tim Medin