# Active Directory & Kerberos Abuse - [From Domain Admin to Enterprise Admin](/offensive-security-experiments/active-directory-kerberos-abuse/child-domain-da-to-ea-in-parent-domain.md): Explore Parent-Child Domain Trust Relationships and abuse it for Privilege Escalation - [Kerberoasting](/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting.md): Credential Access - [Kerberos: Golden Tickets](/offensive-security-experiments/active-directory-kerberos-abuse/kerberos-golden-tickets.md): Persistence and Privilege Escalation with Golden Kerberots tickets - [Kerberos: Silver Tickets](/offensive-security-experiments/active-directory-kerberos-abuse/kerberos-silver-tickets.md): Credential Access - [AS-REP Roasting](/offensive-security-experiments/active-directory-kerberos-abuse/as-rep-roasting-using-rubeus-and-hashcat.md) - [Kerberoasting: Requesting RC4 Encrypted TGS when AES is Enabled](/offensive-security-experiments/active-directory-kerberos-abuse/kerberoasting-requesting-rc4-encrypted-tgs-when-aes-is-enabled.md) - [Kerberos Unconstrained Delegation](/offensive-security-experiments/active-directory-kerberos-abuse/domain-compromise-via-unrestricted-kerberos-delegation.md) - [Kerberos Constrained Delegation](/offensive-security-experiments/active-directory-kerberos-abuse/abusing-kerberos-constrained-delegation.md) - [Kerberos Resource-based Constrained Delegation: Computer Object Takeover](/offensive-security-experiments/active-directory-kerberos-abuse/resource-based-constrained-delegation-ad-computer-object-take-over-and-privilged-code-execution.md) - [Domain Compromise via DC Print Server and Kerberos Delegation](/offensive-security-experiments/active-directory-kerberos-abuse/domain-compromise-via-dc-print-server-and-kerberos-delegation.md) - [DCShadow - Becoming a Rogue Domain Controller](/offensive-security-experiments/active-directory-kerberos-abuse/t1207-creating-rogue-domain-controllers-with-dcshadow.md) - [DCSync: Dump Password Hashes from Domain Controller](/offensive-security-experiments/active-directory-kerberos-abuse/dump-password-hashes-from-domain-controller-with-dcsync.md) - [PowerView: Active Directory Enumeration](/offensive-security-experiments/active-directory-kerberos-abuse/active-directory-enumeration-with-powerview.md) - [Abusing Active Directory ACLs/ACEs](/offensive-security-experiments/active-directory-kerberos-abuse/abusing-active-directory-acls-aces.md) - [Privileged Accounts and Token Privileges](/offensive-security-experiments/active-directory-kerberos-abuse/privileged-accounts-and-token-privileges.md) - [From DnsAdmins to SYSTEM to Domain Compromise](/offensive-security-experiments/active-directory-kerberos-abuse/from-dnsadmins-to-system-to-domain-compromise.md) - [Pass the Hash with Machine$ Accounts](/offensive-security-experiments/active-directory-kerberos-abuse/pass-the-hash-with-machine-accounts.md) - [BloodHound with Kali Linux: 101](/offensive-security-experiments/active-directory-kerberos-abuse/abusing-active-directory-with-bloodhound-on-kali-linux.md) - [Backdooring AdminSDHolder for Persistence](/offensive-security-experiments/active-directory-kerberos-abuse/how-to-abuse-and-backdoor-adminsdholder-to-obtain-domain-admin-persistence.md) - [Active Directory Enumeration with AD Module without RSAT or Admin Privileges](/offensive-security-experiments/active-directory-kerberos-abuse/active-directory-enumeration-with-ad-module-without-rsat-or-admin-privileges.md) - [Enumerating AD Object Permissions with dsacls](/offensive-security-experiments/active-directory-kerberos-abuse/using-dsacls-to-check-ad-object-permissions.md): Enumeration, living off the land - [Active Directory Password Spraying](/offensive-security-experiments/active-directory-kerberos-abuse/active-directory-password-spraying.md) - [Active Directory Lab with Hyper-V and PowerShell](/offensive-security-experiments/active-directory-kerberos-abuse/active-directory-lab-with-hyper-v-and-powershell.md) - [ADCS + PetitPotam NTLM Relay: Obtaining krbtgt Hash with Domain Controller Machine Certificate](/offensive-security-experiments/active-directory-kerberos-abuse/adcs-+-petitpotam-ntlm-relay-obtaining-krbtgt-hash-with-domain-controller-machine-certificate.md) - [From Misconfigured Certificate Template to Domain Admin](/offensive-security-experiments/active-directory-kerberos-abuse/from-misconfigured-certificate-template-to-domain-admin.md) - [Shadow Credentials](/offensive-security-experiments/active-directory-kerberos-abuse/shadow-credentials.md): Persistence, lateral movement - [Abusing Trust Account$: Accessing Resources on a Trusted Domain from a Trusting Domain](/offensive-security-experiments/active-directory-kerberos-abuse/abusing-trust-accountusd-accessing-resources-on-a-trusted-domain-from-a-trusting-domain.md)