Active Directory Abusing Unconstrained Delegation: From Printer Bug to Domain Compromise
How attackers abuse Kerberos Unconstrained Delegation to capture TGTs and pivot to Domain Admin, plus blue-team defenses.
Delegation
Active Directory 
Active Directory Abusing Kerberos Constrained Delegation: S4U2Self and S4U2Proxy
A practical walkthrough of abusing Kerberos Constrained Delegation via S4U2Self and S4U2Proxy to impersonate privileged users.
Active Directory Resource-Based Constrained Delegation (RBCD) Attack: From a Single Computer Account to Domain Compromise
A practical walkthrough of the Resource-Based Constrained Delegation attack, abusing msDS-AllowedToActOnBehalfOfOtherIdentity for privilege escalation.