A Golden Ticket attack is when an attacker has complete and unrestricted access to an entire domain – all computers, files, folders, and most importantly the access control system itself.
Golden Ticket attacks can be carried out against Active Directory domains, where access control is implemented using Kerberos tickets issued to authenticated users by a Key Distribution Service. The attacker gains control over the domain’s Key Distribution Service account (KRBTGT account) by stealing its NTLM hash. This allows the attacker to generate Ticket Granting Tickets (TGTs) for any account in the Active Directory domain. And with valid TGTs, the attacker can request from the Ticket Granting Service (TGS) access to any resource/system on its domain.
Because the attacker is controlling the component of the access control system that is responsible for issuing Ticket Granting Tickets (TGTs), he has the golden ticket to access any resource on the domain.