Posts by Vadims Podāns
Escalating from child domain’s admins to enterprise admins in 5 minutes by abusing AD CS, a follow up
Hello everyone, long time no see. I’m still extremely busy on my main job stuff, specifically PKI Spotlight commercial product development, so my blogging has slowed, and I’m here again! Prologue Disclaimer: This post contains steps and information that can lead to legal issues with your employer and lawsuits if you execute them in a…
Read MoreADCS SID Extension Policy Module is live!
Hello everyone, here is my next blog post after a long delay. While I’m working on PKI Spotlight product, I never forget about open-source products and a lot was changed without much announces since the work is still in progress. Today I want to inform about my next effort and it is a big one.…
Read MoreThe mystery of “Valid existing certificate” setting in ADCS certificate templates – demystified
This is a follow-up of “Certificate renewal request is placed in pending state when Valid Existing Certificate is selected in certificate template” blog post and final nail into the subject. Let’s re-iterate the problem. ADCS Certificate Templates provide configuration for issuance requirements, which allows you to forcibly put request in pending state (no automatic issuance)…
Read MoreADCS Open Protocols specifications
Hello S-1-1-0, Today I want to talk about another area in ADCS I’m contributing to — Open Protocols specifications. Around 15 years ago, Microsoft moved toward to open source and started a new documentation branch called “Open Specifications”, where Microsoft publishes a very detailed Windows protocols specifications so third party can build compatible clients and…
Read MoreBook review – “Pro Active Directory Certificate Services” by Lawrence E. Hughes
Disclaimer: This review contains my personal opinion about the book and does not necessary reflect the company’s or other people opinion. Hello everyone, today I have a little-bit unusual blog post, which is a book review. As you may know, my primary interest area is Microsoft Active Directory Certificate Services (ADCS) and it there are…
Read More