Creating a C++ DLL to modify a target applications behaviour.
Offensive PowerShell
Using GetDelegateForFunctionPointer to execute Win32 API’s from memory in Powershell.
Active Directory Schema Modification
Changing default security descriptor properties to escalate from a child to parent domain.