Kerberos

Active Directory

Kerberoasting: The Complete Guide to Mechanics, Attack, and Defense

A complete guide to Kerberoasting: how SPNs and TGS-REP enable offline cracking, plus detection and defense.
Active Directory

AS-REP Roasting: Abusing Accounts Without Kerberos Pre-Authentication

How attackers extract and crack Kerberos AS-REP hashes from accounts with pre-authentication disabled, and how blue teams defend.
Active Directory

Pass-the-Hash and Pass-the-Ticket in Practice

A hands-on guide to NTLM Pass-the-Hash and Kerberos Pass-the-Ticket attacks, with practical tooling and Blue Team defenses.
Active Directory

Golden Ticket Attacks: Abusing krbtgt for Domain Persistence

How attackers forge Kerberos TGTs with the krbtgt hash to gain persistent domain dominance, and how blue teams detect and defend.
Active Directory

Silver Ticket Attacks: Forging Kerberos Service Tickets

How attackers forge Kerberos TGS service tickets using a service account hash, and how blue teams detect and prevent it.
Active Directory

Abusing Unconstrained Delegation: From Printer Bug to Domain Compromise

How attackers abuse Kerberos Unconstrained Delegation to capture TGTs and pivot to Domain Admin, plus blue-team defenses.
Active Directory

Abusing Kerberos Constrained Delegation: S4U2Self and S4U2Proxy

A practical walkthrough of abusing Kerberos Constrained Delegation via S4U2Self and S4U2Proxy to impersonate privileged users.
Active Directory

Resource-Based Constrained Delegation (RBCD) Attack: From a Single Computer Account to Domain Compromise

A practical walkthrough of the Resource-Based Constrained Delegation attack, abusing msDS-AllowedToActOnBehalfOfOtherIdentity for privilege escalation.
Active Directory

Inside Kerberos: A Deep Dive into the Protocol Internals

A practical breakdown of Kerberos internals: AS-REQ, TGS-REQ, the PAC, and why RC4 vs AES etypes matter for attackers and defenders.
Active Directory

Shadow Credentials: Abusing msDS-KeyCredentialLink for AD Persistence and Privilege Escalation

Abuse msDS-KeyCredentialLink to forge Key Trust certificates, authenticate via PKINIT, and recover NTLM hashes.
Active Directory

Password Spraying Active Directory Without Tripping Lockouts

A practical, lockout-aware guide to password spraying Active Directory with kerbrute, plus detection and defense.