The article describes an internal Active Directory attack vector where attackers, after an initial compromise, abuse misconfigured certificate template permissions to escalate privileges and move laterally. The process involves enumerating a domain for users or groups with excessive enrollment rights and can be automated to execute within minutes. This technique is highlighted as a particularly dangerous and common finding during internal penetration tests.
Thank you ThreatLocker for sponsoring my trip to ZTW26 and also for sponsoring this video. To start your free trial with ThreatLocker please use the following link: https://www.threatlocker.com/davidbombal // Spencer Alessi’s SOCIAL // YouTube: https://www.youtube.com/@techspence Website: https://spenceralessi.com/adsecuritykit/ X: https://x.com/techspence LinkedIn: https://www.linkedin.com/in/spenceralessi/ Swag: https://www.etsy.com/shop/ethicalthreat/?etsrc=sdt&dd_referrer=https%3A%2F%2Fwww.youtube.com%2F // ThreatLocker’s SOCIAL // LinkedIn: https://www.linkedin.com/company/threatlockerinc/posts/?feedView=all X: https://x.com/threatlocker Instagram: https://www.instagram.com/threatlocker/ Website: https://www.threatlocker.com/ // David's SOCIAL // Discord: https://discord.com/invite/usKSyzb X: https://www.twitter.com/davidbombal Instagram: https://www.instagram.com/davidbombal LinkedIn: https://www.linkedin.com/in/davidbombal Facebook: https://www.facebook.com/davidbombal.co TikTok: http://tiktok.com/@davidbombal YouTube: https://www.youtube.com/@davidbombal Spotify: https://open.spotify.com/show/3f6k6gERfuriI96efWWLQQ SoundCloud: https://soundcloud.com/davidbombal Apple Podcast: https://podcasts.apple.com/us/podcast/david-bombal/id1466865532 // MY STUFF // https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com // MENU // 0:00 - Coming up 0:54 - Spencer Alessi introduction & background 02:20 - Pentesting demo // Active Directory 03:34 - Control paths // Finding bad permissions with ADeleg 06:04 - Finding bad permissions with NetTools 06:52 - The most common issue 08:15 - Certificate abuse 12:20 - Quick recap 12:30 - Certificate abuse continued 15:10 - Pentesting summary 15:09 - How to become a pentester 18:48 - Recommended certifications 20:54 - Advice for blue teamers 22:15 - Overcoming being an introvert // Soft skills vs tech skills 23:43 - Windows hacking in the real world 24:54 - Conclusion Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! Disclaimer: This video is for educational purposes only. #microsoft #windows11 #hacker