Overview
This course aims to teach learners how to abuse Microsoft's Active Directory Certificate Services (AD CS) for various malicious purposes such as credential theft, machine persistence, and domain escalation. The course covers topics such as Enterprise Certificate Authority, Certificate Enrollment, Certificate Templates, Certificate Authentication, Passive and Active Certificate Theft, and escalation scenarios. The teaching method includes a combination of theoretical concepts, practical demonstrations, and real-world examples. This course is intended for cybersecurity professionals, penetration testers, network administrators, and anyone interested in understanding and defending against Active Directory security threats.
Syllabus
Introduction
Agenda
Active Directory Certificate Services
Enterprise Certificate Authority
Certificate Enrollment
Certificate Templates
Subject Alternative Names
Certificate Authentication
Passive Certificate Theft
Active Certificate Theft
Certify
Advantages
Templates
Misconfiguration
Escalation scenarios
Vulnerability finding vulnerable certificate templates
NTLM Relay
Printer Bug
Reporting to Microsoft
Demo
Quick Summary
Taught by
Black Hat