📖 Notes

Search (Ctrl+K)

Recent Notes

heap exploitation
Jun 05, 2024
2024-06-05
Jun 05, 2024
- daily
2024-06-04
Jun 04, 2024
- daily
2024-06-03
Jun 03, 2024
- daily
2024-05-29
May 29, 2024
- daily

See 1409 more sorted by tag →

❯

Active Directory Certificate Services

Active Directory Certificate Services

created Jan 08, 2024updated May 19, 20241 min read

status/in-progress
ttp/09-lateral-movement

Active Directory Certificate Services provide PKI functionalities within Active Directory.

Attack with Certify

Enumerate certificate authorities (CAs): beacon> execute-assembly C:\Tools\Certify\Certify\bin\Release\Certify.exe cas
- prints additional info such as certificate templates
Enumerate vulnerable certificate templates: beacon> execute-assembly C:\Tools\Certify\Certify\bin\Release\Certify.exe find /vulnerable

AD CS also serves certificate enrollment over HTTP. If NTLM authenticate is enabled, this HTTP endpoint would be vulnerable to NTLM relay attack.

Certificates may also be used for persistence.

Graph View

Sources

Certified Pre-Owned
RTO

Backlinks

AD certificate persistence
Red Team Ops I

Created with Quartz v4.2.3 © 2024

GitHub
LinkedIn
HackTheBox