AS-REP Roasting - T1558.004
(ATT&CK® Technique)
Definition
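Adversaries may reveal the credentials of accounts that have Kerberos preauthentication disabled by password-cracking the Kerberos messages returned for those accounts. Without preauthentication, the KDC returns an AS-REP containing data encrypted with a key derived from the account's password to a requester who has not proven knowledge of that password, so the password can be guessed offline; auditing for accounts with the userAccountControl DONT_REQ_PREAUTH flag set is the direct check for exposure.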
D3FEND Inferred Relationships
Browse the D3FEND knowledge graph by clicking on the nodes below.
graph LR; T1558004["AS-REP Roasting"] --> |may-access| KerberosTicket["Kerberos Ticket"]; class T1558004 OffensiveTechniqueNode; class KerberosTicket ArtifactNode; click KerberosTicket href "/dao/artifact/d3f:KerberosTicket"; click T1558004 href "/offensive-technique/attack/T1558.004/"; click KerberosTicket href "/dao/artifact/d3f:KerberosTicket"; T1558004["AS-REP Roasting"] --> |may-create| KerberosTicket["Kerberos Ticket"]; class T1558004 OffensiveTechniqueNode; class KerberosTicket ArtifactNode; click KerberosTicket href "/dao/artifact/d3f:KerberosTicket"; click T1558004 href "/offensive-technique/attack/T1558.004/"; click KerberosTicket href "/dao/artifact/d3f:KerberosTicket";DecoyUserCredential["Decoy User Credential"] --> | spoofs | KerberosTicket["Kerberos Ticket"]; DecoyUserCredential["Decoy User Credential"] -.-> | may-deceive | T1558004["AS-REP Roasting"] ; class DecoyUserCredential DefensiveTechniqueNode; class KerberosTicket ArtifactNode; click DecoyUserCredential href "/technique/d3f:DecoyUserCredential"; CredentialCompromiseScopeAnalysis["Credential Compromise Scope Analysis"] --> | analyzes | KerberosTicket["Kerberos Ticket"]; CredentialCompromiseScopeAnalysis["Credential Compromise Scope Analysis"] -.-> | may-detect | T1558004["AS-REP Roasting"] ; class CredentialCompromiseScopeAnalysis DefensiveTechniqueNode; class KerberosTicket ArtifactNode; click CredentialCompromiseScopeAnalysis href "/technique/d3f:CredentialCompromiseScopeAnalysis"; AuthenticationCacheInvalidation["Authentication Cache Invalidation"] --> | deletes | KerberosTicket["Kerberos Ticket"]; AuthenticationCacheInvalidation["Authentication Cache Invalidation"] -.-> | may-evict | T1558004["AS-REP Roasting"] ; class AuthenticationCacheInvalidation DefensiveTechniqueNode; class KerberosTicket ArtifactNode; click AuthenticationCacheInvalidation href "/technique/d3f:AuthenticationCacheInvalidation"; CredentialRevocation["Credential Revocation"] --> | deletes | KerberosTicket["Kerberos 
Ticket"]; CredentialRevocation["Credential Revocation"] -.-> | may-evict | T1558004["AS-REP Roasting"] ; class CredentialRevocation DefensiveTechniqueNode; class KerberosTicket ArtifactNode; click CredentialRevocation href "/technique/d3f:CredentialRevocation"; CredentialRotation["Credential Rotation"] --> | regenerates | KerberosTicket["Kerberos Ticket"]; CredentialRotation["Credential Rotation"] -.-> | may-harden | T1558004["AS-REP Roasting"] ; class CredentialRotation DefensiveTechniqueNode; class KerberosTicket ArtifactNode; click CredentialRotation href "/technique/d3f:CredentialRotation"; TokenBinding["Token Binding"] --> | strengthens | KerberosTicket["Kerberos Ticket"]; TokenBinding["Token Binding"] -.-> | may-harden | T1558004["AS-REP Roasting"] ; class TokenBinding DefensiveTechniqueNode; class KerberosTicket ArtifactNode; click TokenBinding href "/technique/d3f:TokenBinding"; Multi-factorAuthentication["Multi-factor Authentication"] --> | uses | KerberosTicket["Kerberos Ticket"]; Multi-factorAuthentication["Multi-factor Authentication"] -.-> | may-harden | T1558004["AS-REP Roasting"] ; class Multi-factorAuthentication DefensiveTechniqueNode; class KerberosTicket ArtifactNode; click Multi-factorAuthentication href "/technique/d3f:Multi-factorAuthentication"; Token-basedAuthentication["Token-based Authentication"] --> | uses | KerberosTicket["Kerberos Ticket"]; Token-basedAuthentication["Token-based Authentication"] -.-> | may-harden | T1558004["AS-REP Roasting"] ; class Token-basedAuthentication DefensiveTechniqueNode; class KerberosTicket ArtifactNode; click Token-basedAuthentication href "/technique/d3f:Token-basedAuthentication"; CredentialTransmissionScoping["Credential Transmission Scoping"] --> | isolates | KerberosTicket["Kerberos Ticket"]; CredentialTransmissionScoping["Credential Transmission Scoping"] -.-> | may-isolate | T1558004["AS-REP Roasting"] ; class CredentialTransmissionScoping DefensiveTechniqueNode; class KerberosTicket ArtifactNode; 
click CredentialTransmissionScoping href "/technique/d3f:CredentialTransmissionScoping"; ReissueCredential["Reissue Credential"] --> | restores | KerberosTicket["Kerberos Ticket"]; ReissueCredential["Reissue Credential"] -.-> | may-restore | T1558004["AS-REP Roasting"] ; class ReissueCredential DefensiveTechniqueNode; class KerberosTicket ArtifactNode; click ReissueCredential href "/technique/d3f:ReissueCredential"; CredentialHardening["Credential Hardening"] --> | hardens | KerberosTicket["Kerberos Ticket"]; CredentialHardening["Credential Hardening"] -.-> | may-harden | T1558004["AS-REP Roasting"] ; class CredentialHardening DefensiveTechniqueNode; class KerberosTicket ArtifactNode; click CredentialHardening href "/technique/d3f:CredentialHardening";