08-19-2014 08:49 AM
Be afraid of the golden ticket attack -- if malicious hackers can create the tickets, they can wreak whatever havoc they please.
The Windows security world is abuzz about Kerberos "golden ticket" attacks in the wake of a seminal presentation at Black Hat USA 2014, the best overview I've seen on the subject.
In a nutshell, if you have domain admin/local admin access on an Active Directory forest/domain, you can manipulate Kerberos tickets to get unauthorized access. A golden ticket attack is one in which you create a Kerberos-generating ticket that is good for 10 years or however long you choose.
InfoWorld/ Full Aricle Here/ http://www.infoworld.com/d/security/fear-the-golden-ticket-attack-248653