This Proof-of-Concept (PoC) project aims to identify anomalies in user session tokens that have been authorized using Golden Tickets on Windows PCs. This can serve as a valuable asset in security audits and anomaly detection.
- Detects inconsistencies in Security Identifiers (SIDs)
- Analyzes Privilege Attribute Certificate (PAC)
A significant amount of code in this project has been borrowed from the Koh project by GhostPack. Special thanks to the creators and contributors of Koh for their valuable work.
This project is entirely free and open-source. Feel free to use, modify, and distribute as you see fit. Please note that this software comes with no warranty.