A Golden Ticket attack is a kind of cyberattack targeting the access control privileges of a Windows environment where Active Directory (AD) is in use.
In a golden ticket attack, adversaries use Kerberos tickets to take over the key distribution service of a legitimate user. Such an attack has far-reaching consequences.
The access privileges a golden ticket attack gives are widespread, including federating these privileges out of AD, and they are long-term, lasting as long as the attacker desires. If control of one’s key distribution center (KDC) is lost, then adversaries can perform, assign themselves, or assign others virtually any domain-related task.
“Ugh, we just found ourselves on the wrong end of a Willy Wonka joke. We just got our first-ever successful golden ticket attack. Basically, these hackers are controlling all of our access-granting privileges for the time being.”