Let’s Discusses how the process of Requesting Certificate Occurs
- Client Generate Public/Private Key pair
- Client Sends a Certificate Request to Enterprise CA Server
- The CA Servers validate is the Certificate Template exist and is the user allowed to enroll to this cert
- CA Generates a Certificate and signs it using Private Key
- The User Stores the Certificate In the Windows Certificate Store
What Attacker Can do if we Abused ADCS?
Take A Look at all those techniques
Try Harder We ain’t done yet
Escalation
ESC1