• Use built-in tools and external tools to enumerate the AD CS CA and its various template configurations.

  • Enumerate, understand, and find common and complex AD CS misconfigurations for abuse.

  • Explore interconnected attack chains as seen in enterprise environments.

  • Analyse certificates to parse and extract useful information from them.

  • Enumerate alternate Certification Authorities.

After gaining a foothold on a machine/environment we need to enumerate the local machine to escalate privileges.

Last updated