Active Directory trusts allow authentication between domains. There are several types of trusts with different transitivity and directionality. Trusts rely on security identifiers and access tokens to enable authentication and authorization between domains. Attackers can abuse trusts to gain access across domains, such as through golden tickets that use stolen hash values to generate authentication tickets or by forging inter-trust tickets even after password changes. Forest trusts were also found to have vulnerabilities that could allow administrators in one forest to compromise resources in a trusted forest.