PrivEsc: Privilege Escalation in Windows Domains

During Penetration Testing engagements one of my favourite issues to exploit is a Domain User with Local Administrator permissions. It’s a pretty common issue to see and when speaking to IT Departments about the issue it seems that the risk is often under-estimated. So a user has been given administrative permission over one workstation – what’s the worst that can happen?