AD Certificates
Last updated
Was this helpful?
Last updated
Was this helpful?
See .
A CA (Certification Authority) is part of the Active Directory Certificate Services (AD CS).
A CA is installed when the organization wants to use:
Authentication via certificates (Kerberos authentication with certificate (PKINIT) instead of using passwords/hashes)
Smart cards, VPN certificates, corporate Wi-Fi
Single Sign-On with certificates
Or when certificates are needed for machines/users/services
Use for enumeration and identifying vulnerable templates.
If you compromise the CA (obtain its .pfx), you can:
Sign a certificate for Administrator
Use it to obtain a TGT via PKINIT
Access the domain as if you were him
If you have read access to the disk, from the Windows victim:
Obtain its .pfx
Always use sudo ntpdate <DC_IP> before.
Account Persistance.
Domain Persistance
Certificate Theft
Use from linux to craft Golden Certificate.
Domain Escalation. (see also )