Skip to content

Hide Navigation Hide TOC

Potential SPN Enumeration Via Setspn.EXE (1eeed653-dbc8-4187-ad0c-eeebb20e6599)

Detects service principal name (SPN) enumeration used for Kerberoasting

Cluster A Galaxy A Cluster B Galaxy B Level
Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee) Attack Pattern Potential SPN Enumeration Via Setspn.EXE (1eeed653-dbc8-4187-ad0c-eeebb20e6599) Sigma-Rules 1
Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee) Attack Pattern Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern 2