Windows Privesc

Active Directory

PetitPotam and Coercion Attacks: Forcing Authentication and Relaying to AD CS

How PetitPotam coerces machine authentication via MS-EFSRPC and relays it to AD CS for domain compromise — with detection and defense.
Security

Abusing Windows Token Privileges: The Potato Attack Family

How service accounts with SeImpersonatePrivilege escalate to SYSTEM via JuicyPotato, PrintSpoofer, and RoguePotato, plus blue-team defenses.
Windows Privesc

Privilege Escalation via Unquoted Service Paths on Windows

How unquoted Windows service paths with spaces let low-privileged users plant a binary and escalate to SYSTEM, plus blue-team defenses.
Windows Privesc

Weak Service Permissions: Privilege Escalation via SERVICE_CHANGE_CONFIG on Windows

Abuse misconfigured Windows service DACLs to rewrite binPath and escalate to SYSTEM, plus detection and hardening.
Security

DLL Hijacking: Privilege Escalation and Persistence on Windows

How DLL search order hijacking and phantom DLLs lead to privilege escalation and persistence, plus blue-team detection and defense.
Windows Privesc

Abusing AlwaysInstallElevated for Windows Privilege Escalation

How a misconfigured AlwaysInstallElevated policy lets a low-privileged user run a malicious MSI as SYSTEM, plus detection and defense.
Windows Privesc

UAC Bypass Techniques: A Practical Overview of Auto-Elevation Abuse

A practical tour of Windows UAC bypass techniques abusing auto-elevating binaries, registry hijacks, and UACME, plus blue-team defenses.
Windows Privesc

Practical Credential Theft with Mimikatz

A hands-on guide to dumping Windows credentials with Mimikatz and the LSA protections that stop it.
Windows Privesc

Dumping LSASS Memory: Techniques and Detection Evasion

A practical guide to dumping LSASS memory with comsvcs.dll, procdump, and nanodump, plus parsing with pypykatz and blue-team defenses.
Windows Privesc

Looting Windows Secrets: Attacking DPAPI and Credential Manager

How attackers decrypt DPAPI-protected Credential Manager vaults and browser secrets, plus how blue teams detect and stop it.
Windows Privesc

Abusing Scheduled Tasks for Windows Persistence and Privilege Escalation

How attackers abuse writable task XML, schtasks, and Task Scheduler to persist and escalate on Windows, plus blue-team detection.
Windows Privesc

Abusing Registry Autoruns for Windows Persistence and Privilege Escalation

How attackers abuse writable Run keys and other autorun locations for persistence and privesc, plus how blue teams detect it.
Windows Privesc

AMSI and Windows Defender Bypass: A Practical Primer

A hands-on primer on AMSI patching, reflection, obfuscation, and in-memory bypasses, with blue-team detection guidance.
Windows Privesc

PowerShell Obfuscation and Execution Policy Bypass

How attackers bypass PowerShell ExecutionPolicy and CLM with obfuscation, and how defenders detect and stop it.
Windows Privesc

Lateral Movement and Persistence with WMI

How attackers abuse WMI for remote code execution and stealthy persistence, plus the detection and defenses blue teams need.
Windows Privesc

Named Pipe Impersonation: How Windows getsystem Really Works

A deep dive into ImpersonateNamedPipeClient and how named pipe impersonation powers Meterpreter's getsystem.
Windows Privesc

PrintNightmare: Abusing the Windows Print Spooler for Privilege Escalation and RCE

A practical walkthrough of CVE-2021-1675 and CVE-2021-34527 (PrintNightmare): abusing AddPrinterDriverEx for SYSTEM-level code execution, plus blue-team defenses.
Windows Privesc

Windows Event Logs and Forensic Artifacts: Tracking and Tampering

How Windows Security event logs record attacker activity, how adversaries clear them, and how defenders detect tampering.
Windows Privesc

Practical Windows Enumeration with winPEAS

A hands-on guide to running winPEASx64 for Windows privilege escalation enumeration, with defensive countermeasures.
Windows Privesc

Abusing SeBackupPrivilege and SeRestorePrivilege for Windows Privilege Escalation

How attackers abuse SeBackupPrivilege/SeRestorePrivilege to dump SAM, SYSTEM, and ntds.dit, plus blue-team detection and defense.