Microsoft's Active Directory vulnerability called Kerberoasting, which exploits weak service account passwords and legacy RC4 encryption, continues to enable ransomware attacks in 2024. The vulnerability allows attackers who compromise a single employee laptop to obtain and crack service account passwords offline, potentially leading to network-wide access. Despite being known since 2014, Microsoft has not taken sufficient action to prevent these attacks by disabling legacy cryptographic options.

https://blog.cryptographyengineering.com/2025/09/10/kerberoasting/

#cybersecurity #activedirectory #kerberos #ransomware #encryption