Has anyone had experience to detect Golden ticket attack using SPL?
ref:https://jpcertcc.github.io/ToolAnalysisResultSheet/Why not check event details and search these?