Diamond Ticket

#

This attack requires to have Domain Admin privileges and be in control of any domain user.

Technically, Diamond Ticket is not about forging a ticket out of thin air, but modifying a legitimate TGT with corresponding AS-REQ and AS-REP, leaving less room for detection.