References
- A comment about the November 2021 update: https://www.thehacker.recipes/ad/movement/kerberos/forged-tickets/silver
- PAC requestor and Golden Ticket attacks: https://www.varonis.com/blog/pac_requestor-and-golden-ticket-attacks
- Detect malicious activity by checking checksums and ticket times: https://www.trustedsec.com/blog/red-vs-blue-kerberos-ticket-times-checksums-and-you/
- The WonkaVision tool: https://github.com/0xe7/WonkaVision
- Inserting SID History: https://www.thehacker.recipes/ad/persistence/sid-history
- ServerUntrustAccount: https://github.com/STEALTHbits/ServerUntrustAccount
- DCShadow script: https://github.com/samratashok/nishang/blob/master/ActiveDirectory/Set-DCShadowPermissions.ps1
- The GoldenGMSA tool: https://github.com/Semperis/GoldenGMSA
- A remote Skeleton Key attack: https://adsecurity.org/?p=1275
- ACE explained: https://helgeklein.com/blog/permissions-a-primer-or-dacl-sacl-owner-sid-and-ace-explained/