White Papers | Resources

Investigating Active Directory Certificate Services Abuse: ESC1

active-directory-cover

The abuse of misconfigured Active Directory Certificate Services (AD CS) certificate templates has been a common method of privilege escalation for threat actors and red teams alike. Depending on the configuration of the certificate template, the impact of AD CS vulnerabilities can be devastating and lead to full domain compromise.

This white paper discusses the ESC1 certificate abuse technique, and the system artifacts and logs that can be used in both incident response and proactive engagements to help defenders develop detections and decrease the risk of AD CS abuse.

Author: Stephan Wolfert

Start your free trial now.

Total protection has never been easier. Take advantage of our free 15-day trial and explore the most popular solutions for your business:

  • Protect against malware with next-gen antivirus.
  • Get unrivaled visibility with USB device control.
  • Simplify your host firewall management.
  • Receive real-time insights with automated threat intelligence.
Request free trial