# Forged tickets

Silver and Golden tickets are forged Kerberos tickets that can be used with [pass-the-ticket](https://red.infiltr8.io/ad/persistence/kerberos/broken-reference) to access services in an Active Directory domain.

* When one of `krbtgt`'s Kerberos keys is known, a [golden ticket](https://red.infiltr8.io/movement/kerberos/forged-tickets#golden-ticket) attack can be conducted to keep privileged access until that account's password is changed.
* Let `service` be an account in charge of various services indicated in its `ServicePrincipalNames` attribute, when one of `service`'s Kerberos keys is known, a [silver ticket](https://red.infiltr8.io/movement/kerberos/forged-tickets#silver-ticket) attack can be conducted to keep privileged access to those managed services until that account's password is changed.

{% content-ref url="../../movement/kerberos/forged-tickets" %}
[forged-tickets](https://red.infiltr8.io/ad/movement/kerberos/forged-tickets)
{% endcontent-ref %}