Simulated a DCSync attack in an AD environment using Mimikatz to replicate password hashes. Covered detection using Event ID 4662 and GUIDs, and prevention methods like RPC firewall and permission audits. Focused on post-exploitation, detection, and hardening techniques.