Secondary Categories: 02 - Credential Access

Both Golden and Diamond Tickets rely on access to the KRBTGT key. Diamond Tickets, however, have a stricter requirement: they almost always need the KRBTGT AES256 key. The difference comes from how each technique operates:

  1. Golden Tickets: These forge a completely new ticket granting ticket (TGT) from scratch, signed and encrypted with the KRBTGT key.
  2. Diamond Tickets: These take a legitimate TGT issued by a domain controller (DC), decrypt it with the KRBTGT key, modify its contents, and re-encrypt it.

Diamond Tickets need the AES256 key because they decrypt and re-encrypt a real TGT, one the DC issued with that key. Golden Tickets skip this step entirely by fabricating the whole ticket, so any KRBTGT key the attacker holds will do.
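The operational difference above has a direct consequence for detection. A common rule for Golden Tickets is to correlate each service-ticket request (Windows Security event 4769) with a preceding TGT issuance (event 4768) for the same account and source address: a forged TGT was never issued by a DC, so no 4768 exists. A Diamond Ticket starts from a TGT the DC genuinely issued, so that 4768 is present and the same rule stays silent. The script below is an added illustration of that check, not code from the page or from TrustedSec; the event records are constructed samples with simplified field names (EventID, Time, User, Ip), and the 10-hour window mirrors the default MaxTicketAge.

```python
"""
Correlate Kerberos TGT issuance (event 4768) with service-ticket
requests (event 4769) to spot a TGS request backed by a TGT the DC
never issued. Added example; all events below are constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs). Field names are simplified
# stand-ins for TargetUserName and IpAddress in the Windows Security log.
SAMPLE_EVENTS = [
    # normal user: TGT issued by the DC, then a service-ticket request
    {"EventID": 4768, "Time": "2024-01-10T08:00:00", "User": "alice", "Ip": "10.0.0.5"},
    {"EventID": 4769, "Time": "2024-01-10T08:00:05", "User": "alice", "Ip": "10.0.0.5"},
    # Golden Ticket pattern: service-ticket request with no prior TGT issuance
    {"EventID": 4769, "Time": "2024-01-10T09:00:00", "User": "svc_backup", "Ip": "10.0.0.77"},
    # Diamond Ticket pattern: the TGT really was requested from the DC first,
    # so this pair looks identical to alice's from the log's point of view
    {"EventID": 4768, "Time": "2024-01-10T10:00:00", "User": "bob", "Ip": "10.0.0.9"},
    {"EventID": 4769, "Time": "2024-01-10T10:00:30", "User": "bob", "Ip": "10.0.0.9"},
    # stale TGT: issued well outside the lifetime window, so it cannot
    # legitimately back the later service-ticket request
    {"EventID": 4768, "Time": "2024-01-09T06:00:00", "User": "carol", "Ip": "10.0.0.12"},
    {"EventID": 4769, "Time": "2024-01-10T11:00:00", "User": "carol", "Ip": "10.0.0.12"},
]

# Default domain policy: maximum TGT lifetime is 10 hours.
TGT_LIFETIME = timedelta(hours=10)


def parse_time(stamp):
    """ISO-8601 timestamp string -> datetime."""
    return datetime.fromisoformat(stamp)


def find_orphan_tgs_requests(events, lifetime=TGT_LIFETIME):
    """Return the 4769 events for which no 4768 for the same (user, ip)
    was seen within the preceding `lifetime` window."""
    tgt_times = defaultdict(list)   # (user, ip) -> list of 4768 timestamps
    flagged = []
    for ev in sorted(events, key=lambda e: parse_time(e["Time"])):
        t = parse_time(ev["Time"])
        key = (ev["User"], ev["Ip"])
        if ev["EventID"] == 4768:
            tgt_times[key].append(t)
        elif ev["EventID"] == 4769:
            # any TGT issued within [t - lifetime, t] explains this request
            backed = any(t - lifetime <= issued <= t for issued in tgt_times[key])
            if not backed:
                flagged.append(ev)
    return flagged


def flagged_users(events, lifetime=TGT_LIFETIME):
    """Convenience wrapper: just the user names of orphaned 4769 events."""
    return [ev["User"] for ev in find_orphan_tgs_requests(events, lifetime)]


if __name__ == "__main__":
    for ev in find_orphan_tgs_requests(SAMPLE_EVENTS):
        print(f"4769 without backing 4768: user={ev['User']} ip={ev['Ip']} at {ev['Time']}")
```

Running it flags only `svc_backup` and `carol`; `bob`, the Diamond Ticket case, is not flagged because the DC really did issue a 4768 for the TGT that was later decrypted and modified. That is the gap this technique is designed to exploit, so 4768/4769 correlation on its own is not a Diamond Ticket detection. Two practical caveats apply to the check itself: 4768 and 4769 are written by whichever DC handled the request, so the correlation only works over logs aggregated from every DC in the domain, and TGT renewals and cross-DC referrals widen the window in which a legitimate 4769 may appear.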

Listing Active Directory Tokens

Resources:

Title                                  URL
Diamond Ticket Findings by TrustedSec  https://www.trustedsec.com/blog/a-diamond-in-the-ruff
Diamond Ticket Talk                    https://www.youtube.com/watch?v=7qbSFYVQJ7A