
Summary
This analytic rule detects Kerberos service ticket requests that use RC4 encryption, leveraging Windows Security Event ID 4769. Such requests can indicate a Golden Ticket attack, in which attackers forge Kerberos Ticket Granting Tickets (TGTs) using the NTLM password hash of the krbtgt account to gain unauthorized access across an Active Directory environment. Identifying RC4 encryption is critical because its use is minimal in contemporary networks, so its appearance can signify malicious intent. If the activity is confirmed malicious, the intruder could move laterally through the network and take further actions, leading to widespread compromise. Note that this detection technique may be circumvented if adversaries opt for AES encryption rather than the legacy NTLM hash.
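The following is an added example of the detection logic described above; it is not the rule's own search and not code from the page's author. It assumes Security Event ID 4769 records have already been parsed into dictionaries keyed by the event's EventData field names (TargetUserName, ServiceName, TicketEncryptionType, TicketOptions, IpAddress), that 0x17 and 0x18 are the RC4-HMAC ticket encryption type values as Windows logs them, and that the sample events and the KNOWN_LEGACY tuning list are constructed for illustration.

```python
"""Flag Kerberos service ticket (TGS) requests issued with RC4-HMAC.

Added example, not part of the original rule page. Input records are
assumed to be Security Event ID 4769 events already parsed into dicts
whose keys mirror the event's EventData fields. The sample events below
are constructed, not real telemetry.
"""
from collections import Counter

# Ticket encryption type values as written to the 4769 TicketEncryptionType field.
ENC_TYPE = {
    0x01: "DES-CBC-CRC",
    0x03: "DES-CBC-MD5",
    0x11: "AES128-CTS-HMAC-SHA1-96",
    0x12: "AES256-CTS-HMAC-SHA1-96",
    0x17: "RC4-HMAC",
    0x18: "RC4-HMAC-EXP",
}
RC4_TYPES = {0x17, 0x18}

# Constructed sample of parsed 4769 events (domain, hosts and IPs are made up).
SAMPLE_EVENTS = [
    {"TargetUserName": "jdoe@CORP.LOCAL", "ServiceName": "WS01$",
     "TicketEncryptionType": "0x12", "TicketOptions": "0x40810000", "IpAddress": "10.0.0.5"},
    {"TargetUserName": "jdoe@CORP.LOCAL", "ServiceName": "FILESRV$",
     "TicketEncryptionType": "0x17", "TicketOptions": "0x40810000", "IpAddress": "10.0.0.5"},
    {"TargetUserName": "svc_legacy@CORP.LOCAL", "ServiceName": "OLDAPP$",
     "TicketEncryptionType": "0x17", "TicketOptions": "0x40810000", "IpAddress": "10.0.0.9"},
    {"TargetUserName": "admin@CORP.LOCAL", "ServiceName": "krbtgt",
     "TicketEncryptionType": "0x12", "TicketOptions": "0x40810000", "IpAddress": "10.0.0.7"},
]

# Hypothetical tuning list: accounts known to still require RC4 in this environment.
KNOWN_LEGACY = {"svc_legacy@CORP.LOCAL"}


def parse_enc_type(value):
    """Accept either an int or the '0x17' string form found in the event XML."""
    if isinstance(value, int):
        return value
    return int(str(value), 16)


def find_rc4_tgs_requests(events, allowlist=frozenset()):
    """Return the 4769 events whose service ticket was encrypted with RC4-HMAC.

    Events requested by allowlisted accounts are dropped to reduce noise from
    known legacy dependencies. AES-encrypted tickets (0x11/0x12) are never
    flagged, which is exactly the evasion caveat noted in the rule summary.
    """
    hits = []
    for ev in events:
        etype = parse_enc_type(ev["TicketEncryptionType"])
        if etype not in RC4_TYPES:
            continue
        if ev["TargetUserName"] in allowlist:
            continue
        hits.append({**ev, "EncTypeName": ENC_TYPE.get(etype, hex(etype))})
    return hits


def summarize_by_source(hits):
    """Count RC4 hits per requesting IP address, a useful pivot during triage."""
    return Counter(h["IpAddress"] for h in hits)


if __name__ == "__main__":
    for hit in find_rc4_tgs_requests(SAMPLE_EVENTS, KNOWN_LEGACY):
        print(f"RC4 TGS request: user={hit['TargetUserName']} "
              f"service={hit['ServiceName']} enc={hit['EncTypeName']} "
              f"src={hit['IpAddress']}")
    print(summarize_by_source(find_rc4_tgs_requests(SAMPLE_EVENTS)))
```

In practice the allowlist should be derived from an inventory of accounts and services that genuinely cannot negotiate AES, and each RC4 hit should be correlated with the requesting host and account; a single RC4 ticket for a non-legacy account against a high-value service is the case worth escalating.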
Categories
- Windows
- Endpoint
- Identity Management
- Other
Data Sources
- Windows Registry
- Active Directory
ATT&CK Techniques
- T1558
- T1558.001
Created: 2024-11-13