💎Diamond Ticket attack
We can simply use the following Rubeus command to execute the attack. Note that the command needs to be run from an elevated shell (Run as administrator). We take the usual OPSEC care of using Loader and ArgSplit to encode the arguments "diamond"
This will spawn a shell, now we can access the DC
PreviousCommand execution on other DC via silver ticket on HTTP & WMINextAbuse the DSRM credential for persistence
Last updated