Search

Home

PNPT Studies

PJPT Studies

AD CS / Certificate Attacks (ESC1-15) (1, 8, 11 for now)

Report Writing / Client Presentation

Operationalizing Cybercrime Data (June 2025)

Certificate Attacks (ESC1-15)

ESC 1-15: ADCS Attack Techniques Cheatsheet - Google Sheets

Resources:

TrustedSec EKUwu: Not just another AD CS ESCTrustedSec EKUwu: Not just another AD CS ESC

Good resource:

Daniel Cornett ESC1 & ESC8: Pentesting Active Directory Certificate Services

Background on ADCS attacks:

Will Schroeder Certified Pre-OwnedWill Schroeder Certified Pre-Owned

Crowe Exploiting AD CS: A quick look at ESC1 and ESC8 | Crowe LLPCrowe Exploiting AD CS: A quick look at ESC1 and ESC8 | Crowe LLP

Jannik Petit Potam - NTLM Relay AttackJannik Petit Potam - NTLM Relay Attack

Truesec Petitpotam Exploit POCTruesec Petitpotam Exploit POC

siteadmin From Stranger to DA // Using PetitPotam to NTLM relay to Domain Administrator - Trulysupersiteadmin From Stranger to DA // Using PetitPotam to NTLM relay to Domain Administrator - Trulysuper

LuemmelSec Skidaddle Skideldi - I just pwnd your PKI

Kassie Kimball Abusing Active Directory Certificate Services (Part 3) - Black Hills Information SecurityKassie Kimball Abusing Active Directory Certificate Services (Part 3) - Black Hills Information Security

ESC1ESC2ESC3ESC7ESC8ESC11Certifried