AD CS ESC1 Privilege Escalation Tutorial | Exploit Active Directory Certificate Services

Walkthrough of PenTesting Active Directory Certificate Services (AD CS) ESC1 attack. This is a quick and easy way to escalate privileges from a low-level domain user to domain admin. I will also discuss and verify remediations for this misconfiguration.


Links:
PenTesting ESC8 Walkthrough:
NTLM relay to AD CS ESC8 Tutorial | E...

Ceritpy Github:
https://github.com/ly4k/Certipy

Abusing AD CS Whitepaper:
https://specterops.io/wp-content/uplo...

DFSCoerce Github:
https://github.com/Wh04m1001/DFSCoerce



00:00 Intro
01:30 ESC1 Walkthrough
10:06 Remediation
14:31 Verify Remediation

• #education
• #ad_cs
• #adcs
• #active_directory
• #active_directory_certificate_services
• #hacking
• #pentesting
• #red_team
• #ldapsearch
• #esc8
• #abusing
• #certipy
• #tutorial
• #walkthrough
• #how_to
• #kali
• #privilage
• #escalation
• #priv_esc
• #ntlm_relay
• #crackmapexec
• #pass_the_hash
• #pass_the_certificate
• #impacket