MITRE ATT&CK™ Steal or Forge Kerberos Tickets - Technique T1558
Theory
Linux clients can authenticate to Active Directory environments using Kerberos, as can Windows machines. Therfore, Linux client might be storing different CCACHE tickets inside files. This tickets can be used and abused as any other kerberos ticket. In order to read this tickets you will need to be the user owner of the ticket or root inside the machine.
