How to Reduce the Scope of Kerb Roasting Attacks

Defenders can identify preemptively what accounts have spns associated with them. We could then even go further to request tickets and try to you know Basically red team it and try to try to crack those. If the answer is no now we need to design a detection around those but we've reduced the scope Of the detection significantly. I think there's still like value in Create a detection that's looking for somebody for instance enumerating all accounts that have spns. But as far as where the actual like risk of them being successful with a kerb roasting attack is You've now potentially limited the scope to where you don't have to necessarily be worried about Every single account that has spn