npx claudepluginhub plurigrid/asi --plugin asiThis skill uses the workspace's default tool permissions.
> **Legal Notice:** This skill is for authorized security testing and educational purposes only. Unauthorized use against systems you do not own or have written permission to test is illegal and may violate computer fraud laws.
Guides red-teaming Pass-the-Ticket attacks: extract Kerberos tickets from LSASS, inject via Mimikatz/Rubeus, enable lateral movement without passwords. For authorized pentests mapping MITRE T1550.003.
Guides Pass-the-Ticket (PtT) attacks: extract Kerberos tickets from LSASS memory using Mimikatz/Rubeus, inject for impersonation and lateral movement in red-team exercises.
Performs Kerberoasting attacks on Active Directory service accounts using Impacket's GetUserSPNs.py to request TGS tickets for offline cracking. For authorized pentesting and red teaming.
Share bugs, ideas, or general feedback.
Legal Notice: This skill is for authorized security testing and educational purposes only. Unauthorized use against systems you do not own or have written permission to test is illegal and may violate computer fraud laws.
Pass-the-Ticket (PtT) is a lateral movement technique that uses stolen Kerberos tickets (TGT or TGS) to authenticate to services without knowing the user's password. By extracting Kerberos tickets from memory (LSASS) on a compromised host, an attacker can inject those tickets into their own session to impersonate the ticket owner and access resources as that user.
| Tool | Purpose | Command |
|---|---|---|
| Mimikatz | Ticket export/import | sekurlsa::tickets /export, kerberos::ptt |
| Rubeus | Ticket dumping and injection | dump, ptt, tgtdeleg |
| Impacket ticketConverter | Convert between formats | ticketConverter.py ticket.kirbi ticket.ccache |
| Impacket psexec/smbexec | Remote execution with ticket | KRB5CCNAME=ticket.ccache psexec.py |