Forged tickets

Silver, Golden, Diamond and Sapphire tickets are similar variants of forged Kerberos tickets, for different purposes and stealth levels, that can be used with pass-the-ticket to access services in an Active Directory domain.

When one of krbtgt's Kerberos keys is known, a golden ticket (or diamond, or sapphire) attack can be conducted to keep privileged access until that account's password is changed.
Let service be an account in charge of various services indicated in its ServicePrincipalNames attribute, when one of service's Kerberos keys is known, a silver ticket attack can be conducted to keep privileged access to those managed services until that account's password is changed.

Reconnaissance

Movement

Credentials

Dumping

Bruteforcing

MITM and coerced auths

NTLM

Kerberos

Forged tickets

Delegations

DACL abuse

Netlogon

Certificate Services (AD-CS)

SCCM / MECM

Exchange services

Print Spooler Service

Schannel

Built-ins & settings

Kerberos

Certificate Services (AD-CS)

HTTP security headers

Identity and Access Management

File inclusion

LFI to RCE

Initial access (protocols)

Windows

UNIX-like

(AV) Anti-Virus

Mifare Classic

Android

Forged tickets

Dumping

Bruteforcing

MITM and coerced auths

NTLM

Kerberos

Forged tickets

Delegations

DACL abuse

Certificate Services (AD-CS)

SCCM / MECM

Certificate Services (AD-CS)

HTTP security headers

File inclusion

LFI to RCE

Windows

UNIX-like

Mifare Classic

Forged tickets ​

Forged tickets