ADCS Security Resources

Welcome to the ultimate resource collection for Active Directory Certificate Services (AD CS) security. This page is designed to be a comprehensive reference for security experts, pentesters, and red teamers looking to deepen their understanding of AD CS vulnerabilities and exploitation techniques.

Tools

Certify

A C# tool to enumerate and abuse misconfigurations in AD CS

Learn More

Certipy

Python tool for exploiting AD CS

Learn More

ADCSPwn

A tool to escalate privileges in an AD environment by abusing AD CS

Learn More

Research Papers

Certified Pre-Owned

Abusing Active Directory Certificate Services

Learn More

AD CS Relay Attack

Practical guide to NTLM relaying to AD CS HTTP Endpoints

Learn More

Techniques

ESC1 - Misconfigured Certificate Templates

Exploiting overly permissive certificate templates

Learn More

ESC2 - Misconfigured Enrollment Agent Templates

Abusing Enrollment Agent templates

Learn More

ESC8 - NTLM Relay to AD CS HTTP Endpoints

Exploiting NTLM relay in AD CS

Learn More

External Resources

MITRE ATT&CK - AD CS

MITRE ATT&CK framework entries related to AD CS

Learn More

Microsoft AD CS Security Guidance

Official Microsoft documentation on securing AD CS

Learn More

Contribute to Our Knowledge Base

Our goal is to maintain the most comprehensive and up-to-date resource on ADCS Security. If you have additional resources, tools, or techniques that you believe would benefit the community, we encourage you to contribute.

Submit a Resource