ADCS Certified Enterprise Security Professional

CBA patch


The CBA patch hinders Subject AltName abuses such as ESC1, ESC2, and ESC3, and breaks CA configuration abuses like ESC6, ESC9, and ESC10.


• Before the Full Enforcement patch date (Nov 14, 2023 for now, available as an OOB update), the key value in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Kdc registry subkey can be set to one of 3 states that control Certificate-based Authentication checks:

– Disabled: 0 ––> SID mapping checks are disabled.

– Compatibility: 1 ––> szOID_NTDS_CA_SECURITY_EXT is checked and validated if present; if a strong mapping is not present, authentication can still proceed but will be logged.

– Full Enforcement Mode: 2 ––> strong SID mapping is required in client certificates; if it is not present, authentication fails and will be logged.
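
To audit which of the three states a domain controller is in, the following added example (not code from this page or from Microsoft) reads the value from the Kdc subkey and maps it to the states listed above. The function name Get-CbaEnforcementState is hypothetical, and because the page text does not show the registry value name, the script takes it as a mandatory parameter and assumes it is a DWORD.

```powershell
# Added example: report the certificate-based authentication (CBA) enforcement
# state on a domain controller. Run locally on each DC or via Invoke-Command.
param(
    # Registry value name holding the state. Not shown in the page text, so the
    # caller supplies it (assumption: the value is a DWORD).
    [Parameter(Mandatory)]
    [string]$ValueName,

    [string]$KdcKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Kdc'
)

# The three states exactly as the page describes them.
$states = @{
    0 = 'Disabled: SID mapping checks are off'
    1 = 'Compatibility: weak mappings still authenticate, but are logged'
    2 = 'Full Enforcement: authentication fails without a strong SID mapping'
}

function Get-CbaEnforcementState {
    param([string]$Key, [string]$Name)

    $result = [ordered]@{
        Computer = $env:COMPUTERNAME
        Value    = $null
        State    = 'Value not set: the operating system default applies'
        Hardened = $false
    }
    if (-not (Test-Path -Path $Key)) {
        $result.State = "Key $Key not found (is this a domain controller?)"
        return [pscustomobject]$result
    }
    $prop = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $prop) {
        $raw = $prop.$Name
        $result.Value = $raw
        if ($raw -is [int] -and $states.ContainsKey($raw)) {
            $result.State    = $states[$raw]
            $result.Hardened = ($raw -eq 2)   # only Full Enforcement rejects weak mappings
        } else {
            $result.State = "Unexpected value '$raw' (expected 0, 1 or 2)"
        }
    }
    return [pscustomobject]$result
}

Get-CbaEnforcementState -Key $KdcKey -Name $ValueName
```

A result with Hardened set to False on any domain controller means certificates without a strong SID mapping can still authenticate there.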
