This is a comprehensive Kerberos attack reference covering the full spectrum from AS-REP roasting and Kerberoasting to golden/silver/diamond/sapphire ticket forgery and all three delegation abuse patterns. What stands out is the practical distinction between ticket types (golden vs diamond vs sapphire) with actual detection trade-offs, plus the resource-based constrained delegation walkthrough that includes the MAQ check and rbcd.py setup most guides skip. The attack chain routing to related skills (ACL abuse, ADCS, NTLM relay) is smart since Kerberos attacks rarely happen in isolation. Commands cover both Impacket and Rubeus with specific flags like /tgtdeleg for forcing RC4 tickets that crack faster. If you're doing AD pentesting beyond basic enumeration, you'll reference the delegation section and ticket comparison table constantly.
npx skills add https://github.com/yaklang/hack-skills --skill active-directory-kerberos-attacks