Kerberoasting is a post-exploitation attack used against Active Directory environments where an attacker requests service tickets (TGS) for SPNs (Service Principal Names) and then extracts them for offline brute force attacks.
The goal is to recover the plaintext password of a service account by cracking its hashed Kerberos ticket (encrypted with the account’s NTLM hash)
The attack exploits the fact that any authenticated user can request service tickets, and weak passwords on service accounts can be cracked offline without alerting the target system.
This technique is cataloged within MITRE ATT&CK as T1558.003
https://attack.mitre.org/techniques/T1558/003/