Kerbiroast Authentication: How to Protect Your System From Attacks

Most of the most dangerous accounts that I have seen That are kerbiroastable Are not being legitimately used for kerbiroasting authentication. A lot of times they're like an admin who set up ms sequel on a system, you know seven years ago with their domain mn account and then that ms sequel computer Was decommissioned six years ago. You've had this really dangerous configuration With that has not been cleaned up one two three, right? Exactly. There's also this concept of restricting what systems users can log on to right? So actually in the service principal names attribute it will list out the system Where the kerbiroasts service is that that user is being used to