diff --git a/lib/msf/core/exploit/remote/smb/client/kerberos_authentication.rb b/lib/msf/core/exploit/remote/smb/client/kerberos_authentication.rb
index bac177d20a..016d3c0efb 100644
--- a/lib/msf/core/exploit/remote/smb/client/kerberos_authentication.rb
+++ b/lib/msf/core/exploit/remote/smb/client/kerberos_authentication.rb
@@ -122,17 +122,21 @@ module Msf::Exploit::Remote::SMB::Client::KerberosAuthentication
 # see: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/7fd079ca-17e6-4f02-8449-46b606ea289c
 if @dialect == '0x0300' || @dialect == '0x0302'
- @application_key = RubySMB::Crypto::KDF.counter_mode(
+ @application_key = Rex::Crypto::KeyDerivation::NIST_SP_800_108.counter_hmac(
 @session_key,
- "SMB2APP\x00",
- "SmbRpc\x00"
- )
+ 16,
+ 'SHA256',
+ label: "SMB2APP\x00",
+ context: "SmbRpc\x00"
+ ).first
 else
- @application_key = RubySMB::Crypto::KDF.counter_mode(
+ @application_key = Rex::Crypto::KeyDerivation::NIST_SP_800_108.counter_hmac(
 @session_key,
- "SMBAppKey\x00",
- @preauth_integrity_hash_value
- )
+ 16,
+ 'SHA256',
+ label: "SMBAppKey\x00",
+ context: @preauth_integrity_hash_value
+ ).first
 end
 # otherwise, leave encryption to the default value that it was initialized to
 end
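Review bot: The bare `16` and `'SHA256'` passed to `counter_hmac` in both branches are unexplained, and nothing in the hunk says whether the length is in bytes or bits. The replaced `counter_mode` call passed no length at all, so a reader cannot confirm from here that the derived application key keeps its previous size. A comment above the `if` would settle it, e.g. `# ApplicationKey: 16-byte output, HMAC-SHA256 PRF; counter_hmac returns an array of keys, hence .first` (unit and return shape are inferred from the call, so please confirm them against the Rex helper). Because the two calls differ only in `label:` and `context:`, picking those two values in the conditional and making one call, as sketched below, keeps the length and algorithm in a single place. The enclosing method starts and ends outside the hunk.

```ruby
# … unchanged: "# see:" reference comment …
label, context =
  if @dialect == '0x0300' || @dialect == '0x0302'
    ["SMB2APP\x00", "SmbRpc\x00"]
  else
    ["SMBAppKey\x00", @preauth_integrity_hash_value]
  end
@application_key = Rex::Crypto::KeyDerivation::NIST_SP_800_108.counter_hmac(
  @session_key, 16, 'SHA256', label: label, context: context
).first
```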