Visuals for Kerberos authentication in Active Directory. These are excerpts taken from my Derbycon presentation.
Will add more later :)

- AS-REQ: authentication service request to a domain controller
- AS-REP: authentication service reply from a DC containing the TGT (if auth successful) encoded/signed by the krbtgt hash
- TGS-REQ: a ticket-granting service ticket request with the user’s TGT
- TGS-REP: a ticket-granting service ticket is sent containing a service ticket

- A user hash is sent to a domain controller (DC)
- Ticket Granting Ticket (aka auth token) is encoded with krbtgt (Kerberos ticket-granting service) hash
- Validated user requests access to computer or resource
- If valid, the DC sends back a service ticket that is encoded with a server hash
- A service ticket for a service or resource is sent with the encoded service account hash
Abuse :)
Overpass-the-Hash

Golden Tickets

Silver Tickets

Full deck: https://drive.google.com/file/d/1Q7SPz7cMa1YqMtJT4JoIfoJXECoobcA1/view