ADCS

When Certificates Fail: A Story of Bypassed MFA in Remote Accesshttps://edermi.github.io/

ESC vuln

Cheat Sheet:

ESE Parser:

Use case:

• When the ese files are too large to parse with eseutil. Python handles parsing better.

#!/usr/bin/python3
from dissect.esedb import EseDB
import argparse
parser = argparse.ArgumentParser()
parser.add_argument("-db", "--databasefile", help="Database file to be parsed")
args = parser.parse_args()
edb = args.databasefile
with open(edb, "rb") as fh:
 db = EseDB(fh)
 for table in db.tables():
 for record in table.records():
 print(record)

Understanding Active Directory Certificate Services containers in Active Directory - PKI Solutions LLCPKI Solutions LLC

Investigating Certificate Template Enrollment Attacks – (ADCS)Microsoft 365 Security

Investigating Certificate Template Enrollment Attacks – (ADCS)Microsoft 365 Security

GitHub - davidprowe/BadBlood: BadBlood by @davidprowe, Secframe.com, fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world. After BadBlood is ran on a domain, security analysts and engineers can practice using tools to gain an understanding and prescribe to securing Active Directory. Each time this tool runs, it produces different results. The domain, users, groups, computers and permissions are different. Every. Single. Time.GitHub

GitHub - arth0sz/Practice-AD-CS-Domain-Escalation: Introductory guide on the configuration and subsequent exploitation of Active Directory Certificate Services with Certipy. Based on the white paper Certified Pre-Owned.GitHub

Windows PKI TeamSysadmins LV

https://www.beyondtrust.com/blog/entry/esc1-attackswww.beyondtrust.com

ESC1Pentester's Promiscuous Notebook