LDAP search for users and SMB enumeration. The user has SeBackupPrivilege and SeRestorePrivilege, which allow backing up ntds.dit and the SYSTEM hive.
Malicious PDF file leading to remote code execution, and abusing Redis to get the admin credentials.