Skip to main content
AS-REP Roasting → domain compromise operation cover
COMING SOONIntermediatePRO

AS-REP Roasting → domain compromise

An unprivileged phishing foothold hunts for an account with Kerberos pre-authentication disabled, roasts its RC4-encrypted ticket, cracks it offline, dumps LSASS for more credentials, and rides RDP onto a domain controller. Work the domain controller's Kerberos events and the endpoint process tree to reconstruct the escalation.

40m
6 tasks
50 points
Pro

Launches tomorrow

Jul 3, 2026

Friday, July 3, 2026 at 9:00 AM

View Pro plans

Pro unlocks this operation at launch.

Training Tools

SIEMXDR

What you'll investigate

6 objectives unlock when this operation goes live.

1Find the roastable account
2Locate the origin host
3Name the process hiding the operator
4Trace the beacon
5Follow the pivot to the core
6Classify the credential-access technique

Be first when it launches

Create your account and grab Pro before launch. The moment this operation goes live on Jul 3, 2026, you can jump straight in.

Get Started Free

No credit card required — free forever