Blog

An NTLM hash is the mathematical version of a password that Windows uses for legacy authentication. For years, the security industry has known that older versions of this system were broken. Now, the 2025 and 2026 security baselines target the death of the entire NTLM stack, including NTLMv2. Microsoft is pushing companies to use Kerberos …

Modern Kerberoasting detection has moved far beyond watching for bulk ticket requests. In 2026, sophisticated threat actors use targeted requests to blend seamlessly into normal network traffic. With Microsoft’s mandatory move to AES-256, defenders must focus on advanced KQL queries and specific bitmask signatures in Event ID 4769. Tactical Identity Defense: Mastering Kerberoasting Detection in …