ADCS ESC3: Enrollment Agent Template

Active Directory Certificate Services (ADCS) is often exploited in ESC3 certificate attacks that target misconfigured certificate templates, leading to privilege escalation and unauthorized access. This post will explore the vulnerabilities associated with the ESC3 enrollment agent and methods of exploitation through certificate requests.

Affected: Active Directory Certificate Services

Key points:

  • ESC3 certificate attacks exploit misconfigured Certificate Request Agent (CRA) templates, allowing unauthorized users to request certificates for high-privileged accounts.
  • Requirements for the ESC3 attack include an improperly configured certificate template that allows enrollment on behalf of others, along with a valid CRA certificate.
  • Post-exploitation tactics include lateral movement and privilege escalation using tools like Evil-WinRM and Metasploit.
  • Mitigation strategies involve restricting EKU usage, requiring approval for certificate issuance, and auditing existing certificate templates for vulnerabilities.
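
For the template audit named in the last key point, the following added example (not code from the original post) checks template attributes for the two ESC3 preconditions: a template that issues Certificate Request Agent certificates without approval, and a template that accepts agent-signed requests and produces an authentication certificate. Assumptions: template attributes have already been exported from AD into dictionaries keyed by their LDAP attribute names, enrollment ACLs are not evaluated (review who can enroll for every flagged template), and the sample templates and function names are constructed for illustration.

```python
# Added example: attribute names are the AD schema attributes of
# pKICertificateTemplate objects; SAMPLE_TEMPLATES is constructed data.
CRA_EKU = "1.3.6.1.4.1.311.20.2.1"   # Certificate Request Agent
AUTH_EKUS = {
    "1.3.6.1.5.5.7.3.2",             # Client Authentication
    "1.3.6.1.4.1.311.20.2.2",        # Smart Card Logon
    "1.3.6.1.5.2.3.4",               # PKINIT Client Authentication
    "2.5.29.37.0",                   # Any Purpose
}
PEND_ALL_REQUESTS = 0x2              # msPKI-Enrollment-Flag bit: manager approval

def audit_template(t):
    """Return ESC3-relevant findings for one template (dict of attributes)."""
    ekus = set(t.get("pKIExtendedKeyUsage", []))
    approval = bool(t.get("msPKI-Enrollment-Flag", 0) & PEND_ALL_REQUESTS)
    ra_sigs = t.get("msPKI-RA-Signature", 0)
    ra_policies = set(t.get("msPKI-RA-Application-Policies", []))
    findings = []
    # Agent side: the template hands out CRA certificates with no review.
    if CRA_EKU in ekus and not approval and ra_sigs == 0:
        findings.append("issues CRA certificates without approval")
    # Target side: accepts agent-signed requests and yields a logon-capable cert.
    accepts_agent = (t.get("msPKI-Template-Schema-Version", 1) == 1
                     or (ra_sigs >= 1 and CRA_EKU in ra_policies))
    if accepts_agent and ekus & AUTH_EKUS and not approval:
        findings.append("enroll-on-behalf yields authentication cert without approval")
    return findings

def audit(templates):
    """Map template name -> findings, omitting templates with none."""
    report = {}
    for t in templates:
        findings = audit_template(t)
        if findings:
            report[t["cn"]] = findings
    return report

SAMPLE_TEMPLATES = [  # constructed
    {"cn": "Agent-Open", "msPKI-Template-Schema-Version": 2,
     "pKIExtendedKeyUsage": [CRA_EKU]},
    {"cn": "Agent-Approved", "msPKI-Template-Schema-Version": 2,
     "pKIExtendedKeyUsage": [CRA_EKU], "msPKI-Enrollment-Flag": 0x2},
    {"cn": "Logon-V1", "msPKI-Template-Schema-Version": 1,
     "pKIExtendedKeyUsage": ["1.3.6.1.5.5.7.3.2"]},
    {"cn": "Web-V2", "msPKI-Template-Schema-Version": 2,
     "pKIExtendedKeyUsage": ["1.3.6.1.5.5.7.3.1"]},
]

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_TEMPLATES).items():
        print(f"{name}: {'; '.join(findings)}")
```

Templates flagged on the agent side are candidates for the approval requirement and EKU restriction listed above; templates flagged on the target side show where an agent certificate could be used.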

Read More: https://www.hackingarticles.in/adcs-esc3-enrollment-agent-template/