Escalating from child domain’s admins to enterprise admins in 5 minutes by abusing AD CS, a follow up

Hello everyone, long time no see. I’m still extremely busy on my main job stuff, specifically PKI Spotlight commercial product development, so my blogging has slowed, and I’m here again! Prologue Disclaimer: This post contains steps and information that can lead to legal issues with your employer and lawsuits if you execute them in a production […]
RSASSA-PSS – Why Your Certificate Can’t Be Validated
A common theme has been arriving in my email box lately as well as many online forums. Consistently people are reporting error with certificates issued by their internal Microsoft ADCS based CAs. Problems range from Apple devices, Firefox, appliances and many other systems. When people examine their certificates they see that their certificates are SHA […]
What’s New in PKI Spotlight | July 2022 Release Update
With the addition of Is-Alive Testing for ADCS Certificate Authority and our proprietary Best Practices Engine, PKI Spotlight is poised to help organizations properly configure and monitor their PKI environment and avoid costly errors. PKI Solutions is excited to announce the latest enhancements to PKI Spotlight, The first Public Key Infrastructure management solution built from […]
CyberNews Q&A Interview
Editor’s Note: Recently, CyberNews interviewed our own Mark B. Cooper, President and Founder of PKI Solutions for an article about the company and PKI Spotlight, the industry’s first and only solution that provides real-time monitoring and alerting of the availability, configuration, and security of all of organizations’ PKI environments – all consolidated into one easy-to-use dashboard. Below […]
Name Constraints Extension
The Name Constraints extension indicates to the relying party what namespaces are acceptable for the various hierarchical name forms such as DN, DNS names, URL, IP address, RFC 822 names, UPN, etc. The extension is only valid for a CA certificate. There are two components for this as defined in https://tools.ietf.org/html/rfc5280#section-4.2.1.10 as: Permitted Subtree(s): This […]
Hungry, Hungry Hippos: Addressing Vulnerabilities in MS Active Directory Certificate Services

The use of MS Active Directory Certificate Services (ADCS) is crucial for the secure operation of modern enterprises. However, it is vital to keep up with potential vulnerabilities that may arise within ADCS environments. This whitepaper highlights two critical vulnerabilities that affect ADCS environments and provides actionable steps to address them. Vulnerability 1: Man-in-the-Middle (MiTM) […]
NDES and Intune Best Practices | Get Better At Articulating What PKIs Do
Throughout the pandemic, we are seeing an increasing number of requests and questions from customers about the nuances of setting up Microsoft Intune and Microsoft NDES (Microsoft’s implementation of SCEP). We have also seen that customers get in trouble regarding certificates and the hybrid architecture of on-prem NDES and cloud-based Intune. At PKI Solutions we […]
PKI Revelations Episode 1: We Were Wrong
Editor’s Note: This is the first blog post in a series of posts from us that will focus on our PKI Revelations. Trigger Alert: These blog posts may be real, raw, and controversial (but no PKIs were harmed in the writing of these posts). We hope you join us for the fun and read along! […]