Diamond ticket: Golden and Silver tickets can usually be detected by probes that monitor for service ticket requests (KRB_TGS_REQ) that have no corresponding TGT requests (KRB_AS_REQ). Those types of tickets also feature forged PACs that sometimes fail to mimic real ones, which increases their detection rate. Diamond tickets can be a useful alternative because they simply request a normal ticket, decrypt the PAC, modify it, recalculate the signatures and encrypt it again. This requires knowledge of the target service's long-term key (this can be the krbtgt key for a TGT, or the target service's key for a Service Ticket).
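
The correlation described above, as an added detection example that is not part of the original page: it flags service ticket requests that have no matching TGT request from the same account and client inside an assumed 10-hour TGT lifetime. The mapping to Windows event IDs 4768 (KRB_AS_REQ) and 4769 (KRB_TGS_REQ), the tuple layout and the sample events are assumptions constructed for illustration; a Diamond ticket starts from a genuine KRB_AS_REQ, so it would not appear in this output.

```python
from datetime import datetime, timedelta

# Assumption: 10-hour TGT lifetime; set this to the domain's Kerberos policy.
TGT_LIFETIME = timedelta(hours=10)

# Constructed sample events (not real logs), merged from all domain controllers:
# (timestamp, event_id, account, client_ip)
# 4768 = TGT requested (KRB_AS_REQ), 4769 = service ticket requested (KRB_TGS_REQ)
SAMPLE_EVENTS = [
    ("2024-05-01T08:00:00", 4768, "alice", "10.0.0.21"),
    ("2024-05-01T08:00:05", 4769, "alice", "10.0.0.21"),
    ("2024-05-01T09:30:00", 4769, "svc_backup", "10.0.0.77"),  # no AS_REQ at all
    ("2024-05-01T19:00:00", 4769, "alice", "10.0.0.21"),       # AS_REQ older than lifetime
    ("2024-05-01T10:00:00", 4768, "bob", "10.0.0.30"),
    ("2024-05-01T10:15:00", 4769, "bob", "10.0.0.31"),         # other client than the AS_REQ
]


def orphan_tgs_requests(events, lifetime=TGT_LIFETIME):
    """Return 4769 events with no 4768 for the same (account, client) within `lifetime`.

    Heuristic only: renewed TGTs and tickets obtained before the log window
    starts will also show up here and need triage.
    """
    last_as_req = {}  # (account, client) -> time of the most recent AS_REQ
    orphans = []
    # ISO 8601 timestamps sort chronologically as plain strings.
    for ts, event_id, account, client in sorted(events):
        when = datetime.fromisoformat(ts)
        key = (account.lower(), client)
        if event_id == 4768:
            last_as_req[key] = when
        elif event_id == 4769:
            seen = last_as_req.get(key)
            if seen is None or when - seen > lifetime:
                orphans.append((ts, account, client))
    return orphans


if __name__ == "__main__":
    for ts, account, client in orphan_tgs_requests(SAMPLE_EVENTS):
        print(f"{ts} TGS_REQ without matching AS_REQ: {account} from {client}")
```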