The Locksmith Active Directory (AD) Certificate Services (CS) remediation tool has been updated: https://github.com/TrimarcJake/Locksmith
New features:
- Support for Restricted Admin Mode. If RAM is detected, Locksmith will ask to be re-run using the -Credential switch.
- If the AD PowerShell module is not installed on Win 10/11, Locksmith will attempt to install it for you.
Note: previously only available on server-class OSes.
- New functions for checking user type and elevation status.
- Auto-generated snippets for ownership issues (a subset of ESC4/ESC5).
- Support for non-English Active Directory environments!
Next planned updates:
- Add individual CA Hosts to $SafeUsers using SIDs.
- Perform additional environment checks before attempting to run.
- Rename modes to something that makes sense.
#IAM #IdentitySecurity #CertificateServices #ActiveDirectory #ActiveDirectoryCertificateServices #ADCS #PKI #Locksmith #OpenSource #DefensiveSecurity #DefensiveSecurityTooling #Pizza
CertPotato - A new way to gain SYSTEM privileges using ADCS by @Santorryu@twitter.com of the Paris team.
https://sensepost.com/blog/2022/certpotato-using-adcs-to-privesc-from-virtual-and-network-service-accounts-to-local-system/
#ActiveDirectoryCertificateServices #activedirectory
Great update on #Certifried and the various #security #vulnerabilities in #ActiveDirectoryCertificateServices #ADCS including additional vulns in #CES and #SCEP
#Certificates and Pwnage and Patches, Oh My! https://posts.specterops.io/certificates-and-pwnage-and-patches-oh-my-8ae0f4304c1d
Locksmith has been updated: https://github.com/TrimarcJake/Locksmith
New features:
- Improved on-screen explanation of what the script is doing
- Improved output formatting
- Confirmation now required before the AD CS environment is changed
- If Locksmith changes your environment, a script is created to easily revert those changes.
- Fewer false positives
- If Active Directory module is not installed, Locksmith will attempt to install it for you.
Next planned updates:
- Strict Mode support
- RDP Restricted Admin support
#IAM #IdentitySecurity #CertificateServices #ActiveDirectory #ActiveDirectoryCertificateServices #ADCS #Locksmith #OpenSource #DefensiveSecurity #DefensiveSecurityTooling #Pizza