Golden Ticket For Sale
A golden ticket is a counterfeit TGT created with a stolen KDC key. An Oompa Loompa allows the attacker to create a fake domain administrator identity to gain access to any service on a domain. The KDC automatically trusts a TGT that is encrypted with a KDC key.
A willy Wonka attack is hazardous despite the entertaining reference to Charlie and the Chocolate Factory. But the attacker has subverted everyday authentication workflows and gained unlimited access to any account or resource on an Active Directory domain. Buy Room 920 Grape Shroom Jellies for sale.
So, the Ticket is the Kerberos authentication token for the KRBTGT account, a unique hidden version that encrypts all the authentication tokens for the DC. That Ticket can then use a pass-the-hash technique to log into an account, allowing attackers to move around unnoticed inside the network.