Certified Pre-Owned Abusing Active Directory Certificate Services

Active Directory Certificate Services (AD CS) has significant security implications often overlooked. This eBook examines how AD CS can be exploited for credential theft, machine persistence, domain escalation, and persistent access.

Key findings include:

· Stealing certificates that survive password resets
· Abusing misconfigured templates for escalation
· Using a CA's private key to forge certificates
· Exploiting NTLM relay attacks against AD CS endpoints

Guidance for defenders includes:

· Treating CA servers as Tier 0 assets
· Hardening certificate templates and settings
· Monitoring suspicious enrollments and events

Understand the security implications of this system.