Found via @armitagehacker on Twitter.
This video shows a demo that uses Armitage (Metasploit) to compromise a Windows Domain Controler.
The attacker gains access to an unpatched Windows web server by exploiting the classic MS08-067. On the web server, the attacker is able to obtain the cached domain credentials of an administrator and use them to compromise the domain controller.
The attacker also makes use of the persistence module to keep a foothold on the compromised system.