This is CheatSheet which I used on PJPT exam to fully compromise Domain Controller by doing internal network penentration testing.

K E R B E R O A S T I N G. From a network or domain controller log perspective, since 𝗖𝗿𝗮𝗰𝗞𝗲𝗿𝗕𝗹𝗶𝘁𝘇 implements many parts of the normal Kerberos protocol, the main detection method involves the use of rc4_hmac in Kerberos exchanges.

Offensive tool for guessing Active Directory credentials via Kerberos

Kerberoasting and AS-REP Roasting