In this attack, an attacker creates an account that does not exist in AD, then uses the Kerberos ticket to access resources.
You can now see this kind of attack in Azure ATP version 2.39, that will open a Kerberos golden ticket - nonexistent account alert.
For more information visit aka.ms/atasaguide-golden
Stay tuned. Your feedback is welcome!