Blog Post

Microsoft Security Community Blog

3 MIN READ

Detecting LDAP based Kerberoasting with Azure ATP

Microsoft

Apr 17, 2019

In a typical Kerberoasting attack, attackers exploit LDAP vulnerabilities to generate a list of all user accounts with a Kerberos Service Principal Name (SPN) available. Once successful at listing th...

Updated May 11, 2021

Version 5.0

microsoft defender for identity

Tal Maor

Microsoft

Joined January 13, 2017

View Profile

Microsoft Security Community Blog

Follow this blog board to get notified when there's new activity

CookieMonster2019

Copper Contributor

Jun 04, 2019

Amazing work. This is one of the main reason why someone should sign up to Azure ATP. Its level of importance is much higher than most people think. If it was possible to detect AD Recon at an early stage. The attackers would be blind on the network and have to go back to NMAP scans or ARP scans the to gather information. But an LDAP detector could help to detect Reconnaissance on the AD and detect attacks such as Kerberoasting.