• with covenant

• with Metasploit

• Autologon misconfigurations

• AlwaysInstallElevated

• Fodhelper UAC bypass

• New User persistence

• startup persistence

• Autorun persistence

• Enable RDP for persistence

• Passing session from Covenant to Metasploit

• Port forwarding

after getting the domain admin