New Attack Techniques Target Active Directory: Diamond Ticket and Sapphire Ticket

The Diamond Ticket and Sapphire Ticket techniques represent new directions in attacks against Active Directory. The Sapphire variant is an enhanced version of the Diamond Ticket: while the Diamond Ticket simply modifies the PAC, Sapphire replaces the PAC with that of another privileged user. The article details the operation of these attacks.