Rubeus
Rubeus is a C# toolset for raw Kerberos interaction and abuses. It enables attacking Active Directory authentication mechanisms.
Description
Rubeus provides capabilities for raw Kerberos interaction and common abuses within Active Directory environments. It is heavily adapted from Benjamin Delpy’s Kekeo project and Vincent LE TOUX’s MakeMeEnterpriseAdmin project, offering a robust set of features for security testing.
The tool supports various Active Directory authentication attacks, including AS-REP Roasting and Kerberoasting, as highlighted in OffSec training courses like PEN-200. These techniques target weaknesses in Kerberos ticket handling and service account permissions.
Use cases include penetration testing scenarios where testers need to exploit Kerberos protocols for privilege escalation or credential access in Windows domains. The binary is located at /usr/share/windows-resources/rubeus/Rubeus.exe.
How It Works
Rubeus operates by directly interacting with Kerberos protocols in Active Directory environments, enabling raw manipulation of authentication tickets and requests. It leverages techniques such as AS-REP Roasting (targeting users without pre-authentication) and Kerberoasting (requesting and cracking service tickets), adapted from established projects like Kekeo and MakeMeEnterpriseAdmin. The tool executes as a C# binary, facilitating low-level protocol abuses.
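Both techniques leave traces in the domain controller's Security log. The following added example (not part of Rubeus or of the original page) flags them from Kerberos events 4768 and 4769; the sample events, account names, and the three-service threshold are constructed assumptions.

```python
from collections import defaultdict

RC4_HMAC = "0x17"  # Kerberos etype 23 (RC4-HMAC)

# Constructed sample events (not real logs), reduced to the fields used below.
SAMPLE_EVENTS = [
    {"EventID": 4768, "TargetUserName": "svc_legacy", "PreAuthType": "0",
     "TicketEncryptionType": "0x17", "IpAddress": "10.0.0.50"},
    {"EventID": 4768, "TargetUserName": "alice", "PreAuthType": "2",
     "TicketEncryptionType": "0x12", "IpAddress": "10.0.0.21"},
    {"EventID": 4769, "TargetUserName": "bob@CORP.EXAMPLE", "ServiceName": "svc_sql",
     "TicketEncryptionType": "0x17", "IpAddress": "10.0.0.50"},
    {"EventID": 4769, "TargetUserName": "bob@CORP.EXAMPLE", "ServiceName": "svc_web",
     "TicketEncryptionType": "0x17", "IpAddress": "10.0.0.50"},
    {"EventID": 4769, "TargetUserName": "bob@CORP.EXAMPLE", "ServiceName": "svc_backup",
     "TicketEncryptionType": "0x17", "IpAddress": "10.0.0.50"},
    {"EventID": 4769, "TargetUserName": "alice@CORP.EXAMPLE", "ServiceName": "FILESRV01$",
     "TicketEncryptionType": "0x17", "IpAddress": "10.0.0.21"},
    {"EventID": 4769, "TargetUserName": "alice@CORP.EXAMPLE", "ServiceName": "svc_sql",
     "TicketEncryptionType": "0x17", "IpAddress": "10.0.0.21"},
]


def flag_roasting(events, min_services=3):
    """Return (kind, account, source_ip, services) tuples for suspicious activity."""
    findings = []
    rc4_requests = defaultdict(set)  # (account, ip) -> user-account services requested with RC4
    for ev in events:
        if ev["EventID"] == 4768 and ev.get("PreAuthType") == "0":
            # TGT issued without pre-authentication: the AS-REP can be cracked offline.
            findings.append(("asrep", ev["TargetUserName"], ev["IpAddress"], []))
        elif ev["EventID"] == 4769 and ev.get("TicketEncryptionType") == RC4_HMAC:
            service = ev["ServiceName"]
            # Machine accounts and krbtgt have random keys; skip them to cut noise.
            if service.endswith("$") or service.lower() == "krbtgt":
                continue
            rc4_requests[(ev["TargetUserName"], ev["IpAddress"])].add(service)
    # One account pulling RC4 tickets for many distinct services is the roasting pattern.
    for (account, ip), services in sorted(rc4_requests.items()):
        if len(services) >= min_services:
            findings.append(("kerberoast", account, ip, sorted(services)))
    return findings


if __name__ == "__main__":
    for finding in flag_roasting(SAMPLE_EVENTS):
        print(finding)
```

Tune `min_services` to the environment's baseline; a single RC4 service-ticket request, like the one from `alice` in the sample, is not flagged.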
Installation
sudo apt install rubeus
Flags
Examples
rubeus -h
rubeus
rubeus asreproast
rubeus kerberoast
rubeus triage
rubeus harvest
/usr/share/windows-resources/rubeus/Rubeus.exe -h