Kerberoasting is an attack technique where an attacker impersonates a user account to extract service account credentials from Active Directory. This low noise, low risk method allows the attacker to obtain a service account’s hash, which can then be cracked offline. The cracked password allows the attacker to log in and advance the attack.