certificates
Escalating from child domain’s admins to enterprise admins in 5 minutes by abusing AD CS, a follow up
Hello everyone, long time no see. I’m still extremely busy on my main job stuff, specifically PKI Spotlight commercial product development, so my blogging has slowed, and I’m here again! Prologue Disclaimer: This post contains steps and information that can lead to legal issues with your employer and lawsuits if you execute them in a…
Hidden switches of Certutil.exe and Certreq.exe
Hey Kids, Rock and Roll! Two of the most reliable toolsets in Windows for the last two decades have been the tandem of certutil.exe and certreq.exe. It’s no secret there are a wealth of very useful functions exposed in the basic usage of these tools, also documented publicly here: certutil.exe public documentation certreq.exe public documentation…
Programmatically Determining Access Rights on Certificate Private Keys
There are times when the private key associated with a certificate needs to be accessible by multiple identities, not just the identity which owns the key material. An example is the deployment of the Microsoft Network Device Enrollment Services (NDES) role service on a server which needs to connect to a remotely hosted CA. In…
Enabling Active Directory Certificate Services (ADCS) advanced audit
Hello S-1-1-0, here is another unscheduled blog post on enabling advanced audit in Microsoft CA. Today I went through another thread on Twitter which suggests how to enable advanced audit in Microsoft CA. Throughout the thread it was apparent that only a partial solution was provided. Windows CA auditing engines Microsoft CA implements a set of…
Register TLS certificate with Remote Desktop Service using PowerShell
Hello everyone! This is a quick blog post that provides information on how to register a TLS certificate with Remote Desktop Services (RDS). Starting with Windows Server 2008 R2 it became extremely easy to deploy RDS certificates to AD hosts from a private CA using group policies and Microsoft CA. Since then RDS over TLS should be…