Active Directory Kerberoasting: The Complete Guide to Mechanics, Attack, and Defense
A complete guide to Kerberoasting: how SPNs and TGS-REP enable offline cracking, plus detection and defense.
Blue Team
Active Directory 
Windows Privesc Windows Event Logs and Forensic Artifacts: Tracking and Tampering
How Windows Security event logs record attacker activity, how adversaries clear them, and how defenders detect tampering.
Windows Privesc Practical Windows Enumeration with winPEAS
A hands-on guide to running winPEASx64 for Windows privilege escalation enumeration, with defensive countermeasures.