"PushSubscription" is an API on Exchange Web Services that allows to subscribe to push notifications. Attackers abuse it to make Exchange servers authenticate to a target of their choosing. As Exchange servers usually have high privileges in a domain (i.e. WriteDacl, see Abusing ACLs), the forced authentication can then be relayed and abused to obtain domain admin privileges (see NTLM Relay and Kerberos Unconstrained Delegations).
PrivExchange (Python) is a tool able to log in on Exchange Web Services and call that API.