ADCS

When Certificates Fail: A Story of Bypassed MFA in Remote Accesshttps://edermi.github.io/
ESC vuln

Cheat Sheet:

ESE Parser:

Use case:

  • When the ese files are too large to parse with eseutil. Python handles parsing better.

#!/usr/bin/python3
from dissect.esedb import EseDB
import argparse
parser = argparse.ArgumentParser()
parser.add_argument("-db", "--databasefile", help="Database file to be parsed")
args = parser.parse_args()
edb = args.databasefile
with open(edb, "rb") as fh:
 db = EseDB(fh)
 for table in db.tables():
 for record in table.records():
 print(record)
LogoUnderstanding Active Directory Certificate Services containers in Active Directory - PKI Solutions LLCPKI Solutions LLC
LogoInvestigating Certificate Template Enrollment Attacks – (ADCS)Microsoft 365 Security
LogoInvestigating Certificate Template Enrollment Attacks – (ADCS)Microsoft 365 Security
LogoGitHub - davidprowe/BadBlood: BadBlood by @davidprowe, Secframe.com, fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world. After BadBlood is ran on a domain, security analysts and engineers can practice using tools to gain an understanding and prescribe to securing Active Directory. Each time this tool runs, it produces different results. The domain, users, groups, computers and permissions are different. Every. Single. Time.GitHub
LogoGitHub - arth0sz/Practice-AD-CS-Domain-Escalation: Introductory guide on the configuration and subsequent exploitation of Active Directory Certificate Services with Certipy. Based on the white paper Certified Pre-Owned.GitHub

LogoWindows PKI TeamSysadmins LV
https://www.beyondtrust.com/blog/entry/esc1-attackswww.beyondtrust.com

LogoESC1Pentester's Promiscuous Notebook
PreviousDCSyncNextMSSQL

Last updated