Admin Accounts with SPNs — Hidden Risk Behind Kerberoasting

https://is1-ssl.mzstatic.com/image/thumb/Podcasts221/v4/bd/e6/f3/bde6f3ba-1036-604a-d45f-058c1131c2aa/mza_13819881962082944253.jpg/600x600bb.jpg

Guardians of the Directory

Guardian of the Directory

18 episodes

5 days ago

Guardians of the Directory is the podcast for everything Active Directory security, management, and recovery. Join us as we dive into best practices, recent security events, listener Q&As, and expert interviews to equip you with the skills needed to protect your AD environment. Whether you’re an IT pro or a cybersecurity enthusiast, each episode delivers actionable insights to help you stay informed and secure. Become a Guardian of the Directory and tune in to strengthen your defenses!

Technology

RSS

All content for Guardians of the Directory is the property of Guardian of the Directory and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.

Technology

https://d3t3ozftmdmh3i.cloudfront.net/staging/podcast_uploaded_nologo/42659774/cf4639657df8995a.jpg

Admin Accounts with SPNs — Hidden Risk Behind Kerberoasting

Guardians of the Directory

5 minutes 15 seconds

6 months ago

Admin Accounts with SPNs — Hidden Risk Behind Kerberoasting

🔍 Admin Accounts with SPNs — Hidden Risk Behind Kerberoasting | Directory Insights in 10 MinutesIn this episode, Craig Birch breaks down a major Active Directory security blind spot: Kerberoasting via privileged accounts with SPNs (Service Principal Names).You'll learn how attackers exploit these accounts — and how to find, assess, and fix the risk without breaking your apps.Straightforward, no fluff — just practical identity security guidance.🛠️ What You’ll Learn🔐 What SPNs are — and why they matter⚠️ How attackers use them in Kerberoasting attacks🖥️ Why ADUC isn’t enough for visibility💻 PowerShell + LDAP filters for fast discovery🧠 SDProp and how it flags privileged accounts🤝 Why app owner collaboration is critical🔁 Safer alternatives: gMSAs, strong passwords, and role reviews❌ Why auto-remediation can break things💡 PowerShell SpotlightpowershellCopyEditGet-ADUser -LDAPFilter "(&(admincount=1)(servicePrincipalName=*))" -Properties servicePrincipalName | Select-Object Name, servicePrincipalNameUse this to find privileged accounts with SPNs — the ones most at risk of Kerberoasting.✅ Quick TakeawaysScript it — don’t rely on ADUCNever auto-remove SPNs without impact analysisTalk to app owners before changesHarden service accounts or switch to gMSAsMonitor SDProp-marked accounts to shrink attack surface💬 Found this helpful? Like, share, or comment! Got a topic you want us to cover in 10 minutes or less? Drop it below — we’re listening.