mimikatz

Active Directory

DCSync Attack and Defense: Abusing Directory Replication Rights

How DCSync abuses AD replication rights via DRSUAPI to dump credentials, and how blue teams can detect and stop it.
Active Directory

Pass-the-Hash and Pass-the-Ticket in Practice

A hands-on guide to NTLM Pass-the-Hash and Kerberos Pass-the-Ticket attacks, with practical tooling and Blue Team defenses.
Active Directory

Golden Ticket Attacks: Abusing krbtgt for Domain Persistence

How attackers forge Kerberos TGTs with the krbtgt hash to gain persistent domain dominance, and how blue teams detect and defend.
Windows Privesc

Practical Credential Theft with Mimikatz

A hands-on guide to dumping Windows credentials with Mimikatz and the LSA protections that stop it.
Windows Privesc

Dumping LSASS Memory: Techniques and Detection Evasion

A practical guide to dumping LSASS memory with comsvcs.dll, procdump, and nanodump, plus parsing with pypykatz and blue-team defenses.
Windows Privesc

Looting Windows Secrets: Attacking DPAPI and Credential Manager

How attackers decrypt DPAPI-protected Credential Manager vaults and browser secrets, plus how blue teams detect and stop it.