Kerb

Dump Kerberos Tickets | https://github.com/MzHmO/PowershellKerberos

The Kerb command in Amnesiac enables users to retrieve Kerberos tickets from the Local Security Authority (LSA) cache on a target system. The functionality of this command depends on the privilege level of the user running it.

Privileged User:

If the Kerb command is executed by a privileged user, it will automatically elevate its privileges to NT AUTHORITY\SYSTEM. Once elevated, the command will proceed to dump all Kerberos tickets stored in the LSA cache on the target system.

Non-privileged User:

When run by a non-privileged user, the Kerb command will only be able to dump Kerberos tickets associated with the current user's logon session on the target system.
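For defenders, the example below (added here; it is not code from Amnesiac or PowershellKerberos) scans PowerShell script block logging records (event ID 4104) for the documented Windows LSA API names that reading the ticket cache involves. It assumes the tooling reaches the LSA through P/Invoke source that script block logging captures; the function name, record fields and sample records are hypothetical and constructed for the illustration.

```powershell
# Documented Windows LSA/Kerberos identifiers. Assumption: a PowerShell ticket-cache
# reader references them in P/Invoke source that script block logging records.
$Indicators = 'LsaCallAuthenticationPackage', 'LsaEnumerateLogonSessions',
              'LsaRegisterLogonProcess', 'KerbRetrieveEncodedTicketMessage',
              'KerbQueryTicketCacheMessage'

function Find-LsaTicketAccess {
    param(
        [Parameter(Mandatory)] [object[]] $Record,  # needs ScriptBlockId, MessageNumber, ScriptBlockText
        [int] $Threshold = 2                         # distinct identifiers needed before flagging
    )
    # Large scripts are logged as several 4104 fragments; rejoin them per ScriptBlockId.
    foreach ($g in ($Record | Group-Object ScriptBlockId)) {
        $text = ($g.Group | Sort-Object MessageNumber | ForEach-Object ScriptBlockText) -join ''
        $hits = @($Indicators | Where-Object { $text -like "*$_*" })
        if ($hits.Count -ge $Threshold) {
            [pscustomobject]@{
                ScriptBlockId = $g.Name
                TimeCreated   = $g.Group[0].TimeCreated
                # LsaRegisterLogonProcess requires SeTcbPrivilege, so it points at the
                # elevated, all-sessions case rather than the current-session case.
                Elevated      = $hits -contains 'LsaRegisterLogonProcess'
                Matched       = $hits -join ', '
            }
        }
    }
}

# Constructed sample records (not real log data). On a live host, map events from
# Get-WinEvent -FilterHashtable @{LogName='Microsoft-Windows-PowerShell/Operational'; Id=4104}
$sample = @(
    [pscustomobject]@{ ScriptBlockId = 'a1'; MessageNumber = 1; TimeCreated = [datetime]'2024-01-01 10:00'
                       ScriptBlockText = 'Get-ChildItem C:\Temp' }
    [pscustomobject]@{ ScriptBlockId = 'b1'; MessageNumber = 1; TimeCreated = [datetime]'2024-01-01 10:05'
                       ScriptBlockText = 'static extern int LsaRegisterLogonProcess(' }
    [pscustomobject]@{ ScriptBlockId = 'b1'; MessageNumber = 2; TimeCreated = [datetime]'2024-01-01 10:05'
                       ScriptBlockText = 'static extern int LsaCallAuthenticationPackage( /* KerbRetrieveEncodedTicketMessage */' }
    [pscustomobject]@{ ScriptBlockId = 'c1'; MessageNumber = 1; TimeCreated = [datetime]'2024-01-01 10:09'
                       ScriptBlockText = 'LsaConnectUntrusted; LsaCallAuthenticationPackage; KerbQueryTicketCacheMessage' }
)

# Flags b1 (Elevated = True, found only after rejoining fragments) and c1 (Elevated = False).
Find-LsaTicketAccess -Record $sample | Format-Table -AutoSize
```

Script block logging must be enabled on the host for event 4104 records to exist, and the threshold of two distinct identifiers is a starting point to tune against legitimate administrative scripts.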
