Child Domain to Forest Compromise - SID Hijacking
Most trees are linked with dual sided trust relationships to allow for sharing of resources. By default the first domain created if the Forest Root.
Requirements: - KRBTGT Hash - Find the SID of the domain
- Replace 502 with 519 to represent Enterprise Admins - Create golden ticket and attack parent domain.