Active Directory AS-REP Roasting: Abusing Accounts Without Kerberos Pre-Authentication
How attackers extract and crack Kerberos AS-REP hashes from accounts with pre-authentication disabled, and how blue teams defend.
Impacket
Active Directory 
Active Directory Abusing Kerberos Constrained Delegation: S4U2Self and S4U2Proxy
A practical walkthrough of abusing Kerberos Constrained Delegation via S4U2Self and S4U2Proxy to impersonate privileged users.
Active Directory Abusing Active Directory DACLs: GenericAll, WriteDACL, and the Path to Domain Compromise
How attackers abuse GenericAll and WriteDACL ACEs in Active Directory, and how blue teams detect and prevent it.
Windows Privesc Lateral Movement and Persistence with WMI
How attackers abuse WMI for remote code execution and stealthy persistence, plus the detection and defenses blue teams need.