Active Directory Certificate Services (ADCS)
Attack techniques.
BackupOperatorToDA
From Backup Operator To Domain Admin.
Kerberoasting
Abusing the kerberos protocol to gain KRBTG hashes to crack.
KrbRelayUp
A universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).
NTDS.dit Dump & Extract
How to dump NTDS.dit and extract the hashes with ShadowCopy and Secretsdump.
Pass-the-hash
Use the hash of a user to authenticate around the network.
PrinterBug (MS-RPRN abuse)
Triggers RPC call using SpoolService bug.
Printspoofer
From LOCAL/NETWORK SERVICE to SYSTEM by abusing SeImpersonatePrivilege on Windows 10 and Server 2016/2019.
RBCD-attack
Resource-Based Constrained Delegation Attack (Kerberos RBCD / KRBCD).