Bypassing #Kerberoasting detections by using TrustedSec’s new #Orpheus tooling.

This changes the request for the juicy SPN you’re after so that the Kerberos options (0x40810010) and ticket type (RC4 0x17) are no longer used and are therefore no longer detected🔥

To counter this, create and alert on “Honey SPNs” and hope that the attackers query one of these instead - these accounts should never be queried.

https://www.trustedsec.com/blog/the-art-of-bypassing-kerberoast-detections-with-orpheus/

Demo
https://youtu.be/SwbSq1dTz7Y

#DFIR #BLUETEAMTIPS #activedirectory
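A sketch of the Honey SPN alert described above, as an added example that is not part of the original post or the TrustedSec tooling: it flags any service ticket request (Event ID 4769) for a decoy account, whatever ticket options or encryption type were requested. The account names, hosts and sample events are constructed assumptions.

```python
# Added example: honey SPN alerting over Kerberos service ticket events (4769).
# The decoy account names below are hypothetical; use your own honey accounts.
HONEY_SERVICE_ACCOUNTS = {"svc-sql-legacy", "svc-backup-old"}

# Constructed sample events, keyed by the 4769 EventData field names.
SAMPLE_EVENTS = [
    {"EventID": 4769, "TargetUserName": "alice@CORP.EXAMPLE", "ServiceName": "svc-web",
     "TicketOptions": "0x40810010", "TicketEncryptionType": "0x17",
     "IpAddress": "::ffff:10.0.0.21"},
    {"EventID": 4769, "TargetUserName": "bob@CORP.EXAMPLE", "ServiceName": "SVC-SQL-Legacy",
     "TicketOptions": "0x40800000", "TicketEncryptionType": "0x12",
     "IpAddress": "::ffff:10.0.0.57"},
    {"EventID": 4768, "TargetUserName": "bob", "ServiceName": "krbtgt",
     "TicketOptions": "0x40810010", "TicketEncryptionType": "0x12",
     "IpAddress": "::ffff:10.0.0.57"},
    {"EventID": 4769, "TargetUserName": "bob@CORP.EXAMPLE", "ServiceName": "svc-backup-old",
     "TicketOptions": "0x40810010", "TicketEncryptionType": "0x17",
     "IpAddress": "::ffff:10.0.0.57"},
]


def matches_legacy_signature(event):
    """True for the options/etype pair the post says is no longer used."""
    return (event.get("TicketOptions", "").lower() == "0x40810010"
            and event.get("TicketEncryptionType", "").lower() == "0x17")


def honey_spn_alerts(events, honey_accounts=HONEY_SERVICE_ACCOUNTS):
    """Return one alert per 4769 event whose ServiceName is a honey account.

    The match is on the service account only, so it does not depend on
    TicketOptions or TicketEncryptionType.
    """
    honey = {name.lower() for name in honey_accounts}
    alerts = []
    for ev in events:
        if ev.get("EventID") != 4769:
            continue  # only service ticket requests are relevant
        service = ev.get("ServiceName", "").lower()
        if service in honey:
            alerts.append({
                "service": service,
                "requester": ev.get("TargetUserName"),
                "source": ev.get("IpAddress"),
                "legacy_signature": matches_legacy_signature(ev),
            })
    return alerts
```

In the sample data the second event would slip past a filter keyed on 0x40810010 and 0x17, yet it still raises a honey SPN alert because no legitimate client should ever request that service.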
