ADCS ESC8 – NTLM Relay to AD CS HTTP Endpoints

ESC8 is a critical weakness in Active Directory Certificate Services web enrollment interfaces that enables NTLM relay attacks for privilege escalation. Proper configuration and security measures are vital to prevent exploitation and to protect domain controllers from silent compromise. #ActiveDirectory #NTLMRelay

Keypoints

  • ESC8 abuses misconfigured ADCS Web Enrollment endpoints that accept NTLM authentication over HTTP, allowing relayed credentials to be turned into certificates.
  • Attackers can impersonate privileged accounts like Domain Admins without malware or zero-day exploits.
  • Tools such as Certipy and Impacket facilitate the identification, relay, and exploitation process.
  • Proper security measures include disabling Web Enrollment, enforcing HTTPS, and auditing certificate templates.
  • Mitigation also involves restricting CA access, enabling logging, and disabling coercion vectors.
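The following read-only audit script is an added example, not part of the original post or the linked article. It checks a Web Enrollment server for the mitigations named in the keypoints: whether the role service is installed at all, whether a plain HTTP binding is still exposed, whether the /CertSrv application requires SSL, and whether Extended Protection for Authentication (EPA) is set to Require. It assumes the stock IIS site name ("Default Web Site") and the stock "CertSrv" application path; both are assumptions and should be adjusted to match the environment. Run it in an elevated PowerShell session on the CA web enrollment host.

```powershell
# Added example (not from the original post): audit an AD CS Web Enrollment
# host for the ESC8 mitigations listed above. Read-only; changes nothing.
Import-Module ServerManager
Import-Module WebAdministration

$siteName = 'Default Web Site'               # assumption: stock IIS site name
$certSrv  = "IIS:\Sites\$siteName\CertSrv"    # assumption: stock CertSrv app path
$findings = @()

# 1. Is the Web Enrollment role service installed? If not, there is no
#    HTTP enrollment endpoint to relay to and the remaining checks are moot.
$feature = Get-WindowsFeature -Name ADCS-Web-Enrollment
if (-not $feature.Installed) {
    Write-Output 'ADCS-Web-Enrollment is not installed; no ESC8 HTTP endpoint present.'
    return
}
$findings += 'Web Enrollment role service is installed (remove it if it is not needed).'

# 2. Is a non-TLS http binding still exposed on the site?
$httpBindings = Get-WebBinding -Name $siteName | Where-Object { $_.protocol -eq 'http' }
if ($httpBindings) {
    $findings += 'Site still has an http binding; remove it or require SSL on /CertSrv.'
}

# 3. Does /CertSrv require SSL (sslFlags must include "Ssl")?
$sslFlags = [string](Get-WebConfigurationProperty -PSPath $certSrv `
    -Filter 'system.webServer/security/access' -Name 'sslFlags').Value
if ($sslFlags -notmatch 'Ssl') {
    $findings += "/CertSrv sslFlags='$sslFlags'; 'Require SSL' is not enforced."
}

# 4. Is Extended Protection for Authentication required? EPA binds the NTLM
#    exchange to the TLS channel, which is what breaks the relay.
$epa = [string](Get-WebConfigurationProperty -PSPath $certSrv `
    -Filter 'system.webServer/security/authentication/windowsAuthentication/extendedProtection' `
    -Name 'tokenChecking').Value
if ($epa -ne 'Require') {
    $findings += "/CertSrv EPA tokenChecking='$epa'; expected 'Require'."
}

# Report. Each finding maps to one of the mitigations in the keypoints.
if ($findings.Count -eq 1) {
    Write-Output 'HTTPS is enforced and EPA is required on /CertSrv; only the role-service note remains.'
}
$findings | ForEach-Object { Write-Output "FINDING: $_" }
```

The script reports rather than remediates, so it can be run from a scheduled job and diffed over time; the binding and sslFlags checks are the two settings most often left at their defaults after the role is installed.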

Read More: https://www.hackingarticles.in/adcs-esc8-ntlm-relay-to-ad-cs-http-endpoints/