#BoxFriday29 - Campfire-1 (Sherlock)

In this session of HTB KE, we’ll be diving into Sherlock – Kerberoasting Detection, where attendees will analyze artifacts and logs from a Domain Controller and an endpoint where Kerberoasting attack activity originated. This hands-on activity is designed to sharpen your blue team skills by teaching you how to detect Kerberoasting attempts within complex Active Directory environments. We’ll break down what to look for in event logs and artifacts, how to differentiate real attacks from false positives, and discuss detection strategies that can be applied in real-world SOC environments. Bring your laptop, a keen eye for detail, and get ready to level up your detection and analysis skills!