There is nothing special that I can do that no one else can't. I know systems really well and I know networking very well... Security is the hobby part of the equation. I tend to think in the following terms:
1) I am in a game that I need to win
2) I need to NEVER get caught
3) I need to be aware that the admin is better than me
4) How would I DEFEND this trget system on an impenetrable scale if possible?
5) Now how do I break those defenses?
6) How do I do so with as little noise as possible.
Offense believe it or not is somewhat easy. It's delivery that becomes tough. I can almost guarantee you that even in the most compartmentalized networks and systems, there is always error. Its understanding the errors, knowing what to look for.
When I do things I almost always lab things up for my sanity and do my best to understand what my opponent can possibly see. I then try to figure out ways to minimize that. Here is a kicker for you... Tiger... Tiger is a Unix auditing tool. In the early mid 90's I would love finding it on clients' machines... Because Tiger was almost often misconfigured, I would gladly run Tiger on a machine I compromised
This enabled me to see the flaws I needed to find. The admins? They thought all was gravy, after all, Tiger was auditing their system.