With the upcoming updates rolling out through 2026, Microsoft is moving fully toward Kerberos as the primary authentication mechanism. Kerberos is significantly stronger by design, relying on time-based tickets, mutual authentication, and stronger cryptographic primitives. However, as with any complex protocol, Kerberos has its own weaknesses. Today we will explore this topic from both an offensive and defensive perspective.