Abstract

Delegation is the assignment of responsibility or authority to another identity to carry out specific activities. It is one of the core concepts of management: decision-making authority shifts from one organizational level to a lower one, empowering a subordinate to take responsibility. In Windows networks, delegation allows a service to impersonate a user or computer in order to access resources throughout the network. Although delegation is used in almost every enterprise, it remains one of the most confusing and least-understood mechanisms in Kerberos and Active Directory. In many cases, the accounts running applications and services that are trusted for delegation are misconfigured and therefore ripe for exploitation. This talk will review what delegation is, what types of delegation exist, and how they are used in enterprises. The session will include a demonstration of how an attacker can impersonate another user and elevate privileges by exploiting built-in functionality of Kerberos delegation, enabling remote execution as an arbitrary user through unexpected services. An open source tool for identifying and abusing vulnerable accounts that allow delegation will be introduced. Finally, guidance will be shared on tightening delegation rights to minimize risk.
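As an added illustration of the audit a defender would run before tightening delegation rights (example code written for this page, not the tool introduced in the talk), the following classifies directory accounts by the kind of Kerberos delegation they are configured for and flags the settings worth reviewing. The account records are constructed samples whose keys mirror the real LDAP attribute names; the flag constants are the documented userAccountControl bit values.

```python
# Added audit example (not the talk's tool): classify accounts by the kind of
# Kerberos delegation they are configured for and flag the risky cases.
# Records are constructed dicts whose keys mirror the LDAP attribute names.
TRUSTED_FOR_DELEGATION = 0x80000            # userAccountControl: unconstrained
TRUSTED_TO_AUTH_FOR_DELEGATION = 0x1000000  # userAccountControl: protocol transition
NOT_DELEGATED = 0x100000                    # userAccountControl: account cannot be delegated
SERVER_TRUST_ACCOUNT = 0x2000               # userAccountControl: domain controller


def classify_delegation(acct):
    """Return the delegation type one account is configured for."""
    uac = acct.get("userAccountControl", 0)
    if uac & TRUSTED_FOR_DELEGATION:
        return "unconstrained"
    if acct.get("msDS-AllowedToDelegateTo"):
        if uac & TRUSTED_TO_AUTH_FOR_DELEGATION:
            return "constrained-any-protocol"  # S4U2Self + S4U2Proxy
        return "constrained"
    if acct.get("msDS-AllowedToActOnBehalfOfOtherIdentity"):
        return "resource-based"
    return "none"


def audit(accounts):
    """Return (name, finding) pairs a reviewer should look at."""
    findings = []
    for acct in accounts:
        name = acct["sAMAccountName"]
        uac = acct.get("userAccountControl", 0)
        kind = classify_delegation(acct)
        # Domain controllers are unconstrained by design; anything else is not.
        if kind == "unconstrained" and not uac & SERVER_TRUST_ACCOUNT:
            findings.append((name, "unconstrained delegation on non-DC"))
        elif kind == "constrained-any-protocol":
            findings.append((name, "constrained delegation with protocol transition"))
        elif kind == "constrained":
            targets = ", ".join(acct["msDS-AllowedToDelegateTo"])
            findings.append((name, "constrained delegation to " + targets))
        elif kind == "resource-based":
            findings.append((name, "resource-based delegation configured"))
        # Privileged accounts should be marked as not delegatable.
        if acct.get("adminCount") == 1 and not uac & NOT_DELEGATED:
            findings.append((name, "privileged account not marked 'cannot be delegated'"))
    return findings


# Constructed sample directory (not real data).
SAMPLE_ACCOUNTS = [
    {"sAMAccountName": "DC01$", "userAccountControl": 0x82000},
    {"sAMAccountName": "WEB01$", "userAccountControl": 0x81000},
    {"sAMAccountName": "svc_web", "userAccountControl": 0x1000200,
     "msDS-AllowedToDelegateTo": ["cifs/FS01.example.local"]},
    {"sAMAccountName": "svc_app", "userAccountControl": 0x200,
     "msDS-AllowedToDelegateTo": ["http/APP01.example.local"]},
    {"sAMAccountName": "admin", "userAccountControl": 0x200, "adminCount": 1},
]
```

In a real environment the records would come from an LDAP search for objects with these attributes set; the classification and findings logic stays the same.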