fwiw, you can speed up cracking RC4 kerberoast tickets by requesting the ticket from the AS without a PAC
2
7
59
4K
24
@exploitph Awesome work and love the blogs. Curious on the speed increase you're seeing? I had done some testing and am not really seeing an increase in cracking speed between normally kerberoasting SPN's and requesting the ST without a PAC (include-pac false).
@exploitph Does this require having the user access control attribute of NO_AUTH_DATA_REQUIRED? I don’t look for that often, but from what I have seen, that’s usually not set.