AD CS Attacks — From Kali

Quick Reference Table

| ESC | Vulnerability | Tool | Requirement |
|-----|---------------|------|-------------|
| ESC1 | SAN in template | certipy req | Enroll permission on template |
| ESC2 | Any Purpose EKU | certipy req | Enroll permission |
| ESC3 | Enrollment Agent | certipy req | Agent cert + second request |
| ESC4 | Template write access | certipy template | GenericWrite on template |
| ESC6 | EDITF_ATTRIBUTESUBJECTALTNAME2 on CA | certipy req | Any enroll permission |
| ESC7 | CA Manage Officer | certipy ca | Manage CA / Manage Certificates |
| ESC8 | NTLM relay to /certsrv/ | certipy relay | PetitPotam/coercion |
| ESC9 | No szOID_NTDS_CA_SECURITY_EXT | certipy | UPN mapping abuse |
| ESC11 | Relay to ICPR | certipy relay -ca-pfx | NTLM relay |

AD CS Fundamentals

Active Directory Certificate Services (AD CS) is Microsoft’s PKI (Public Key Infrastructure) implementation. It issues X.509 certificates used for authentication, encryption, and signing within a Windows domain. ...

20 min · MrAzoth

AD CS Attacks — From Windows

Quick Reference

| ESC | Vulnerability | Tool | Requirement |
|-----|---------------|------|-------------|
| ESC1 | SAN in template | Certify + Rubeus | Enroll on template |
| ESC2 | Any Purpose EKU | Certify + Rubeus | Enroll on template |
| ESC3 | Enrollment Agent | Certify x2 + Rubeus | Agent cert + 2nd enroll |
| ESC4 | Template write access | PowerView + Certify | GenericWrite on template |
| ESC6 | EDITF_ATTRIBUTESUBJECTALTNAME2 | Certify + Rubeus | Any enroll |
| ESC7 | CA Officer / Manage | Certify ca | ManageCA or ManageCertificates |
| ESC8 | NTLM relay to certsrv | ntlmrelayx (from Kali) | Coercion + web enrollment |

AD CS Fundamentals

Active Directory Certificate Services (AD CS) is Microsoft’s PKI implementation, used to issue digital certificates for authentication, encryption, and code signing within a Windows domain. It is high-value from an attacker’s perspective because: ...

20 min · MrAzoth