Home/ MITRE Matrix/ Credential Access/ T1558

T1558Steal or Forge Kerberos Tickets

T1558 — Steal or Forge Kerberos Tickets is a MITRE ATT&CK technique in the Credential Access tactic. Clankerusecase tracks 6 detection use cases covering it and 4 threat-intel articles citing it.

Credential Access

View on the matrix → Filter Detection Library MITRE official spec ↗

6Use cases

4Articles

5Sub-techniques

1Tactic

Sub-techniques (5)

T1558.004 · AS-REP Roasting T1558.005 · Ccache Files T1558.001 · Golden Ticket T1558.003 · Kerberoasting T1558.002 · Silver Ticket

Use cases covering this technique (6)

Windows Computer Account Created by Computer Account ESCU actions · alerting P Windows Computer Account Requesting Kerberos Ticket ESCU actions · alerting P Windows Computer Account With SPN ESCU actions · alerting P Windows Domain Admin Impersonation Indicator ESCU actions · alerting P Windows Kerberos Local Successful Logon ESCU actions · alerting P Windows Steal or Forge Kerberos Tickets Klist ESCU actions · hunting P

Articles citing this technique (4)

crit Microsoft Patch Tuesday for June 2026 — Snort rules and prominent vulnerabilities art-76

crit Microsoft is named a Leader in the 2026 Gartner® Magic Quadrant™ for Endpoint Protection art-178

crit Inside AD CS Escalation: Unpacking Advanced Misuse Techniques and Tools art-316

crit DynoWiper update: Technical analysis and attribution art-590