Golden Ticket

A Golden Ticket is a self-generated Kerberos ticket. It's most common to forge a Golden Ticket with Domain Administrator rights

A Golden Ticket requires four pieces of information:

  1. The user you want to forge a ticket.
  2. The domain you want to forge a ticket for.
  3. The domain's SID
  4. The NTLM hash of the krbtgt user on a domain controller.

Go to [beacon] -> Access -> Golden Ticket to forge a Golden Ticket from Cobalt Strike. Provide these four pieces of information and Cobalt Strike will use mimikatz to generate a ticket and inject it into your kerberos tray.