Timeroasting
Introduction Some time ago i came across a CTF where no techniques worked for elevating foothold. Then someone mentioned “Timeroasting.” I went down the rabbit hole, found Tom Tervoort’s write-up explaining the attack, followed his steps—and cracked my way into a machine account with a weak password. That opened up lateral movement in the environment. Everyone knows Kerberos falls apart if the time is more than five minutes out of sync. What almost nobody realizes is that the exact mechanism keeping those clocks aligned quietly leaks crackable data for every computer account in the domain. No credentials needed. No logs. No patch, either—because Microsoft built it this way on purpose. ...