
COMING SOONIntermediatePRO
AS-REP Roasting → domain compromise
An unprivileged phishing foothold hunts for an account with Kerberos pre-authentication disabled, roasts its RC4-encrypted ticket, cracks it offline, dumps LSASS for more credentials, and rides RDP onto a domain controller. Work the domain controller's Kerberos events and the endpoint process tree to reconstruct the escalation.
40m
6 tasks
50 points
ProLaunches tomorrow
Jul 3, 2026
View Pro plansFriday, July 3, 2026 at 9:00 AM
Pro unlocks this operation at launch.
Training Tools
SIEMXDR
What you'll investigate
6 objectives unlock when this operation goes live.
1Find the roastable account
2Locate the origin host
3Name the process hiding the operator
4Trace the beacon
5Follow the pivot to the core
6Classify the credential-access technique
Be first when it launches
Create your account and grab Pro before launch. The moment this operation goes live on Jul 3, 2026, you can jump straight in.
Get Started FreeNo credit card required — free forever