| Active Directory | Kerberoasting, AS-REP roasting, DCSync, PtH, Golden/RODC Ticket, RBCD, ACL abuse, KeyList, Shadow Credentials, ADCS (ESC1-9/16) |
| Privilege Escalation | SUID/sudo abuse, kernel exploits, service misconfig, token manipulation |
| Exploit Development | Buffer overflow, format string, ROP chains, shellcode, heap exploitation |