Research Update Enhanced src/windows-hardening/active-direct...

[carlospolop]

🤖 Automated Content Update

This PR was automatically generated by the HackTricks News Bot based on a technical blog post.

📝 Source Information

• Blog URL:
• Blog Title: Research Update Enhanced src/windows-hardening/active-directory-methodology/asreproast.md
• Suggested Section: Research

🎯 Content Summary

Research Update for src/windows-hardening/active-directory-methodology/asreproast.md

This PR contains automated research updates including:

• Latest security vulnerabilities and attack vectors
• Updated techniques and tools
• Enhanced explanations and examples
• Additional references and resources

Generated by: HackTricks Research Agent
Timestamp: 2026-05-12 14:47:34 UTC

...

🔧 Technical Details

Research update for HackTricks content

🤖 Agent Actions

Done — updated /tmp/hacktricks_update_1n152goy/repo/src/windows-hardening/active-directory-methodology/asreproast.md.

• Refreshed the Linux examples with current impacket-GetNPUsers / GetNPUsers.py usage and current NetExec --asreproast workflows for both unauthenticated username lists and authenticated LDAP-backed collection, including the --kdcHost DNS-fallback note. (github.com)
• Added cracking guidance for RC4 vs AES AS-REP material, distinguishing $krb5asrep$23$ from $krb5asrep$17$ / $krb5asrep$18$, and updated the commands to use john --format=krb5asrep for 17/18/23 while keeping hashcat -m 18200 for etype 23. (mwrcybersec.com)
• Clarified the Event ID 4768 / pre-authentication note, added cleanup guidance for toggling DONT_REQ_PREAUTH, and tightened the no-credentials section with a cross-link to Kerberoast plus clearer ASRepCatcher relay vs listen behavior. (learn.microsoft.com)

Validation: basic file/path checks passed. mdbook build could not be run here because mdbook is not installed.

https://mwrcybersec.com/roasting-aes-as-reps
https://www.netexec.wiki/ldap-protocol/asreproast
https://github.com/Yaxxine7/ASRepCatcher
https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-10/security/threat-protection/auditing/event-4768
https://github.com/fortra/impacket/releases
https://github.com/fortra/impacket/issues/1479
https://github.com/fortra/impacket
https://github.com/openwall/john/issues/2821
https://github.com/hashcat/hashcat/issues/2603
https://github.com/GhostPack/Rubeus

---

This PR was automatically created by the HackTricks Feed Bot. Please review the changes carefully before merging.

[carlospolop]

🔗 Additional Context

Original Blog Post:

Content Categories: Based on the analysis, this content was categorized under "Research".

Repository Maintenance:

• MD Files Formatting: 974 files processed

Review Notes:

• This content was automatically processed and may require human review for accuracy
• Check that the placement within the repository structure is appropriate
• Verify that all technical details are correct and up-to-date
• All .md files have been checked for proper formatting (headers, includes, etc.)

Bot Version: HackTricks News Bot v1.0