PT0-003 · Question #178
PT0-003 Question #178: Real Exam Question with Answer & Explanation
The correct answer is A: Rubeus.
Question
A penetration tester compromises a Windows OS endpoint that is joined to an Active Directory local environment. Which of the following tools should the tester use to manipulate authentication mechanisms to move laterally in the network?
Options
- A. Rubeus
- B. WinPEAS
- C. NTLMRelayX
- D. Impacket
Explanation
Rubeus is the correct answer because it is a specialized C# toolset designed specifically to interact with and abuse Kerberos authentication in Active Directory environments, enabling attacks like Pass-the-Ticket, Kerberoasting, AS-REP Roasting, and ticket forging (Golden/Silver Tickets) that directly facilitate lateral movement.

- WinPEAS (B) is a privilege escalation enumeration script used to discover weaknesses on a local system, not to manipulate authentication or move laterally.
- NTLMRelayX (C) is an Impacket-based tool that relays NTLM authentication challenges between hosts, but it requires an active interception/relay scenario rather than post-compromise lateral movement via ticket manipulation.
- Impacket (D) is a broad Python library/framework with many capabilities (including some lateral movement tools like psexec.py), but it is not specifically focused on manipulating Kerberos authentication mechanisms, making Rubeus the more precise answer for this scenario.
🧠 Memory Tip
Think "Rubeus = Ruby-colored Kerberos dog" - Rubeus sounds like Rubeus Hagrid (from Harry Potter) who cares for magical creatures, just as Rubeus the tool "handles" Kerberos (the three-headed dog), making it your go-to for Kerberos ticket attacks in Active Directory.