PetitPotam Suspicious Kerberos TGT Request

Splunk Security Content

Summary
This detection identifies suspicious Kerberos Ticket Granting Ticket (TGT) requests in Windows Security Event Logs, specifically Event Code 4768 ("A Kerberos authentication ticket (TGT) was requested"). It targets the final step of a PetitPotam chain (CVE-2021-36942): an attacker coerces a domain controller into authenticating to a host they control, relays that authentication to Active Directory Certificate Services to obtain a certificate for the domain controller's machine account, and then uses a tool such as Rubeus to request a TGT with that certificate (PKINIT). The request stands out in 4768 because the Certificate Information fields (issuer name, serial number, thumbprint) are populated for a machine account, whereas ordinary machine account TGT requests authenticate with a password-derived key and leave those fields empty. A TGT for a domain controller account gives the attacker domain-wide privileges, including the ability to replicate credentials out of the directory, so a match warrants immediate investigation. Environments that legitimately issue certificates to machine accounts for authentication will also produce matches; baseline those accounts and issuers before alerting on every hit.
Categories
  • Windows
  • Endpoint
Data Sources
  • Windows Event Log Security 4768
ATT&CK Techniques
  • T1003
  • T1187
Created: 2024-11-13