Extracting gMSA service accounts from child domains.
Backup Operator Privilege Escalation
Extracting domain controller credentials using the Backup Operators group.
Active Directory Explorer
Using Microsoft AD Explorer to collect Active Directory attack path information.
Bypassing Multi Factor Authentication
Intercepting multi factor authentication credentials using an Nginx reverse proxy.