ADCS
Active Directory Certificate Services (ADCS)
Public Key Infrastucture
PKI uses digital certificates and public key cryptography. A digital certificate binds public key to a person, organization, device or service.
A certificate is is issued and signed by a trusted
Certificate Authority (CA)
What is ADCS
Active Directory Certificate Services is a Window server role to establish and manage a PKI. Its used for securing SSL/TLS, VPN, RDS and WLAN. Also issue certficates for smart cards and physical tokens tot authenticate user to a network.
Certificate Templates
Used to define what certificate can be used for like web server for https, code signing or a custom like VPN.
Certificate Authority
Issues certifates to users, computers, and services.
Certificate Authorities
CAs issue certifcates and a root CA creates it own self-signed certificate using it private key. ADCS sets the certificate's name and marks it as a CA. Once trusted by devices the certificate allows the CA to be recognized as a trusted source.
Certificate Templates
Enterprise CAs in AD CS use certificate templates to define how certificates are issued and used. These templates include settings like usage, validity, subject info and who can request them. They are stored in AD as pKICertificateTemplate objects. The pKIExtendedKeyUsage attribute lists OIDs that define what the certificate can be used for—like code signing, smart card logon, or client authentication.
Misconfigurations
Abusing Certifcate Templates
ESC1, ESC2, ESC3, ESC9, and ESC10:, focusing on misconfiguration within certificate templates.
Abusing CA Configuration
ESC6: Exploiting weaknesses within the Certificate Authority configuration
Abusing Access Control
ESC4, ESC5, ESC7: Misconfigurationwith Access Control
NTLM Relay
ESC8, ESC11: NTLM relay misconfiguration
MIscellaneous
Cetrified, PKINIT
Last updated
Was this helpful?