@irenej it's been a really long while, I only vaguely remember messing with it and mostly following tutorials from underground forums, but I do wonder if you could replicate it today on a windows domain; Kerberos is historically very sensitive to ARP poisoning because it makes it very easy to steal tickets, and sometimes even generate your own (depending on how they verify the tickets)