Kerberos is the primary authentication method used in Active Directory domains to authenticate users and computers. Older operating systems support DES encryption, while Windows Server 2008 and later support AES encryption. Kerberos is prone to several types of attacks, such as Golden Ticket and Silver Ticket attacks, that exploit the way Kerberos tickets are created and used within an AD environment.
Kerberos is a computer network security protocol that manages authentication and authorization in Active Directory. The Massachusetts Institute of Technology (MIT), which created Kerberos, describes it as using strong cryptography to enable a client to prove its identity to a server over an unsecured network connection. After the client and server use Kerberos to prove their identities, they can also encrypt their communications to ensure privacy and data integrity. Two decades ago, the Kerberos protocol was a game-changer with regard to security, unification, and moving AD toward identity management. But the evolution of attack methods and cloud migration have made Kerberos increasingly vulnerable to cyber threats.
See also: Kerberos delegation abuse, Kerberos password guessing, Kerberoasting