It has been an interesting year for attacks against the Windows credential model. If you aren’t familiar with the Mimikatz “Golden Ticket” attack, it represents some of the best justification for guarding your domain administrator credentials with your life (if you really needed additional justification). CERT EU published an excellent whitepaper on strategies for mitigating this attack.