Certified Pre-Owned - Abusing Active Directory Certificate Services
Offered By: Black Hat via YouTube
Course Description
Overview
Explore the often-overlooked security implications of Microsoft's Active Directory Certificate Services (AD CS) in this 35-minute Black Hat conference talk. Delve into the potential for credential theft, machine persistence, domain escalation, and subtle domain persistence within AD CS. Learn about enterprise certificate authorities, certificate enrollment processes, and certificate templates. Discover techniques for passive and active certificate theft, and understand the advantages and misconfigurations of certificate templates. Examine escalation scenarios, methods for finding vulnerable certificate templates, and the NTLM Relay and Printer Bug vulnerabilities. Gain insights from the speakers' experience reporting to Microsoft and witness a live demonstration of these concepts in action.
Syllabus
Introduction
Agenda
Active Directory Certificate Services
Enterprise Certificate Authority
Certificate Enrollment
Certificate Templates
Subject Alternative Names
Certificate Authentication
Passive Certificate Theft
Active Certificate Theft
Certify
Advantages
Templates
Misconfiguration
Escalation scenarios
Vulnerability finding vulnerable certificate templates
NTLM Relay
Printer Bug
Reporting to Microsoft
Demo
Quick Summary
Taught by
Black Hat
Related Courses
Attack on Titan M, Reloaded - Vulnerability Research on a Modern Security ChipBlack Hat via YouTube Attacks From a New Front Door in 4G & 5G Mobile Networks
Black Hat via YouTube AAD Joined Machines - The New Lateral Movement
Black Hat via YouTube Better Privacy Through Offense - How to Build a Privacy Red Team
Black Hat via YouTube Whip the Whisperer - Simulating Side Channel Leakage
Black Hat via YouTube