Comment on page
Silver, Golden, Diamond and Sapphire tickets are similar variants of forged Kerberos tickets, for different purposes and stealth levels, that can be used with pass-the-ticket to access services in an Active Directory domain.
servicebe an account in charge of various services indicated in its
ServicePrincipalNamesattribute, when one of
service's Kerberos keys is known, a silver ticket attack can be conducted to keep privileged access to those managed services until that account's password is changed.