Privilege Escalation with Certify

Focused View

Kat Seymour

18:42

71 View

Exercise Files

privilege-escalation-certify.zip

Module 1 - Course Overview

1. Course Overview.mp4

01:17

Module 2 - Privilege Escalation with Certify

1. Certify and Active Directory Certificate Services.mp4

04:59

2. Environment Enumeration and Template Abuse with Certify.mp4

06:34

3. Enrollment Agent Abuse and Persistence with Certify.mp4

04:46

Module 3 - Resources

1. More Information.mp4

01:06

Description

Certify is a C# tool written by Will Schroeder and Lee Christiansen that can be used to find and compromise vulnerable configurations of Active Directory Certificate Services, allowing you to establish persistence and elevate your domain privileges.

What You'll Learn?

During a Red Team engagement, after you have established a foothold and persistence on a system, you will want to elevate your privileges to further compromise the environment. Certify is a C# tool written by Will Schroeder and Lee Christiansen that can be utilized to find and compromise vulnerable configurations of Active Directory Certificate Services. In this course, Privilege Escalation with Certify, we will use Certify to elevate our domain privileges by a few different methods available with the tool including abusing misconfigured Certificate Templates, vulnerable certificate and PKI Access Control Lists and using NTLM Relay to add AD Certificate Services Endpoints. We will even see how we can use AD CS to extract valid NTLM hashes for users and establish long term persistence all without having to touch LSASS.

More details

User Reviews

Rating

average 0

Total votes0

Focused display

C#

Windows Server

Active Directory

Kat Seymour

Instructor's Courses

Kat Seymour is a Security Author with 20 years of experience in technology and information security. With a wide breadth of experience, Kat's focus is on Red, Blue, and Purple team operations, tools, and techniques. Kat retired from a decades long career in Fintech to pursue her passion of mentoring and teaching full time. Throughout her career Kat has worked to build and innovate technology at a Fortune 100 Financial Institution including development of the first formalized application monitoring team, the initial groundwork for the first purple team structure, and the first Red Team mentoring program for cross-training and internal talent development. Kat's passion for technology and security are matched only by her passion to empower the next generation of security professionals through mentorship and knowledge sharing.

Pluralsight

View courses Pluralsight

Pluralsight, LLC is an American privately held online education company that offers a variety of video training courses for software developers, IT administrators, and creative professionals through its website. Founded in 2004 by Aaron Skonnard, Keith Brown, Fritz Onion, and Bill Williams, the company has its headquarters in Farmington, Utah. As of July 2018, it uses more than 1,400 subject-matter experts as authors, and offers more than 7,000 courses in its catalog. Since first moving its courses online in 2007, the company has expanded, developing a full enterprise platform, and adding skills assessment modules.