As I was preparing for my Secure 360 talk a month or so ago, I stumbled upon this awesome article that details a method for getting Domain Admin access in just a few minutes, without cracking passwords or doing anything else "loud." The tools you'll need are:

I've written up all the steps in the gist at the end of this post. Enjoy!


Pwn-o-magic gist