diff --git a/windows/active-directory-methodology/resource-based-constrained-delegation.md b/windows/active-directory-methodology/resource-based-constrained-delegation.md
index 325a2607..3bd767f0 100644
--- a/windows/active-directory-methodology/resource-based-constrained-delegation.md
+++ b/windows/active-directory-methodology/resource-based-constrained-delegation.md
@@ -118,6 +118,10 @@ ls \\victim.domain.local\C$
 
 ![](../../.gitbook/assets/b4.png)
 
+### Abuse different service tickets
+
+Lear about the [**available service tickets here**](silver-ticket.md#available-services).
+
 ## Kerberos Errors
 
 * **`KDC_ERR_ETYPE_NOTSUPP`**: This means that kerberos is configured to not use DES or RC4 and you are supplying just the RC4 hash. Supply to Rubeus at least the AES256 hash \(or just supply it the rc4, aes128 and aes256 hashes\). Example: `[Rubeus.Program]::MainString("s4u /user:FAKECOMPUTER /aes256:CC648CF0F809EE1AA25C52E963AC0487E87AC32B1F71ACC5304C73BF566268DA /aes128:5FC3D06ED6E8EA2C9BB9CC301EA37AD4 /rc4:EF266C6B963C0BB683941032008AD47F /impersonateuser:Administrator /msdsspn:CIFS/M3DC.M3C.LOCAL /ptt".split())`
diff --git a/windows/active-directory-methodology/silver-ticket.md b/windows/active-directory-methodology/silver-ticket.md
index b9bd4942..9a7602dd 100644
--- a/windows/active-directory-methodology/silver-ticket.md
+++ b/windows/active-directory-methodology/silver-ticket.md
@@ -42,3 +42,69 @@ Silver ticket events ID \(more stealth than golden ticket\):
 
 \*\*\*\*[**More information about Silver Tickets in ired.team**](https://ired.team/offensive-security-experiments/active-directory-kerberos-abuse/kerberos-silver-tickets)\*\*\*\*
 
+## Available Services
+
+<table>
+  <thead>
+    <tr>
+      <th style="text-align:left">Service Type</th>
+      <th style="text-align:left">Service Silver Tickets</th>
+    </tr>
+  </thead>
+  <tbody>
+    <tr>
+      <td style="text-align:left">WMI</td>
+      <td style="text-align:left">
+        <p>HOST</p>
+        <p>RPCSS</p>
+      </td>
+    </tr>
+    <tr>
+      <td style="text-align:left">PowerShell Remoting</td>
+      <td style="text-align:left">
+        <p>HOST</p>
+        <p>HTTP</p>
+        <p>Depending on OS also:</p>
+        <p>WSMAN</p>
+        <p>RPCSS</p>
+      </td>
+    </tr>
+    <tr>
+      <td style="text-align:left">WinRM</td>
+      <td style="text-align:left">
+        <p>HOST</p>
+        <p>HTTP</p>
+        <p>In some occasions you can just ask for: WINRM</p>
+      </td>
+    </tr>
+    <tr>
+      <td style="text-align:left">Scheduled Tasks</td>
+      <td style="text-align:left">HOST</td>
+    </tr>
+    <tr>
+      <td style="text-align:left">Windows File Share, also psexec</td>
+      <td style="text-align:left">CIFS</td>
+    </tr>
+    <tr>
+      <td style="text-align:left">LDAP operations, included DCSync</td>
+      <td style="text-align:left">LDAP</td>
+    </tr>
+    <tr>
+      <td style="text-align:left">Windows Remote Server Administration Tools</td>
+      <td style="text-align:left">
+        <p>RPCSS</p>
+        <p>LDAP</p>
+        <p>CIFS</p>
+      </td>
+    </tr>
+    <tr>
+      <td style="text-align:left">Golden Tickets</td>
+      <td style="text-align:left">krbtgt</td>
+    </tr>
+  </tbody>
+</table>
+
+Using **Rubeus** you may **ask for all** these tickets using the parameter:
+
+* `/altservice:host,RPCSS,http,wsman,cifs,ldap,krbtgt,winrm`
+

Service Type	Service Silver Tickets
WMI	+ HOST + RPCSS +
PowerShell Remoting	+ HOST + HTTP + Depending on OS also: + WSMAN + RPCSS +
WinRM	+ HOST + HTTP + In some occasions you can just ask for: WINRM +
Scheduled Tasks	HOST
Windows File Share, also psexec	CIFS
LDAP operations, included DCSync	LDAP
Windows Remote Server Administration Tools	+ RPCSS + LDAP + CIFS +
Golden Tickets	krbtgt