All Topics
All Topics
Technology
Technology
Design
Design
Programming
Programming
Science
Science
News
News
Gaming
Gaming
Entertainment
Entertainment
Business
Business
Finance
Finance
Sports
Sports
Health
Health
Food
Food
Travel
Travel
Art
Art
Music
Music
Books
Books
Education
Education
Politics
Politics
Personal
Personal
No algorithm. No AI slop. No ads. Just RSS. Pro-human. Indie writers. Real journalism. Open web. Chronological. Hand toasted.

Kerberoasting: Microsoft's Low-Tech, High-Impact Cryptographic Vulnerability

By

feross

8mo ago· 8 min readenInsight
Bagel score 100 of 100
100/100
Golden Brown
Bagelometer

Crackling crust, pillowy middle. The kind of bagel that earns a second cup of coffee.

Score100TypeanalysisSentimentnegative

Summary

The article discusses Kerberoasting, a cryptographic vulnerability in Microsoft systems that the author describes as "low tech, high-impact" and surprisingly still relevant despite being known for some time. The author expresses amazement that such vulnerabilities continue to exist in production software, noting they typically feel either jealous of the discoverers or impressed by their brilliance, but this particular vulnerability falls into a category that seems too basic to still be present in modern systems.

Key quotes

· 4 pulled
I learn about cryptographic vulnerabilities all the time, and they generally fill me with some combination of jealousy or else they impress me with the brilliance of their inventors
there's no way anyone could still do that in 2025
Microsoft calls 'low tech, high-impact'
This vulnerability isn't particularly new; in fact the worst part about it
Snippet from the RSS feed
I learn about cryptographic vulnerabilities all the time, and they generally fill me with some combination of jealousy (“oh, why didn’t I think of that”) or else they impress me w…

You might also wanna read

Security Researchers Reveal Critical PGP Vulnerabilities at 2025 Chaos Communications Congress

The article discusses email security vulnerabilities revealed at the 39th Chaos Communications Congress in late 2025, where security researc

soatok.blog·4mo ago

Prompt Injection Attacks: The Top Security Threat Hijacking AI Chatbots

Prompt injection attacks are a critical security vulnerability in AI systems where hidden instructions within user data (like emails or docu

buff.ly·12h ago

Quantum computing's security threats demand urgent preparation from IT professionals

The article discusses the impending quantum computing revolution and its dual nature: promising transformative advances while simultaneously

zdnet.com·12h ago

CISA warns security teams of wave of attacks targeting software supply chain credentials

CISA has issued a warning urging security teams to check for software development compromises, specifically regarding a wave of attacks targ

cybersecuritydive.com·20h ago

Security Researchers Expose Weak Encryption in Canon Enterprise Printers

During a network security assessment, security researchers discovered that Canon enterprise printers configured with default administrator c

securityboulevard.com·1d ago

New browser-based side-channel attack uses SSD activity analysis to spy on users

Researchers have discovered a new browser-based side-channel attack that can spy on users by analyzing SSD (Solid State Drive) activity thro

arstechnica.com·1d ago