Forged tickets

Silver, Golden, Diamond and Sapphire tickets are similar variants of forged Kerberos tickets, for different purposes and stealth levels, that can be used with to access services in an Active Directory domain.

When one of krbtgt's Kerberos keys is known, a (or , or ) attack can be conducted to keep privileged access until that account's password is changed.
Let service be an account in charge of various services indicated in its ServicePrincipalNames attribute, when one of service's Kerberos keys is known, a attack can be conducted to keep privileged access to those managed services until that account's password is changed.

PreviousKerberos NextDelegation to KRBTGT

Last updated 1 year ago

Was this helpful?