Changing default security descriptor properties to escalate from a child to parent domain.

Compromising MSSQL databases, and escalating privileges.

Extracting gMSA service accounts from child domains.

Modifying SID History values to compromise parent domains.

Extracting domain controller credentials using the Backup Operators group.

Using Microsoft AD Explorer to collect Active Directory attack path information.

Exploiting misconfigured Active Directory access control lists.