Privilege Escalation with Certify
|
Certify is a C# tool written by Will Schroeder and Lee Christiansen that can be used to find and compromise vulnerable configurations of Active Directory Certificate Services, allowing you to establish persistence and elevate your domain privileges.
During a Red Team engagement, after you have established a foothold and persistence on a system, you will want to elevate your privileges to further compromise the environment. Certify is a C# tool written by Will Schroeder and Lee Christiansen that can be utilized to find and compromise vulnerable configurations of Active Directory Certificate Services. In this course, Privilege Escalation with Certify, we will use Certify to elevate our domain privileges by a few different methods available with the tool including abusing misconfigured Certificate Templates, vulnerable certificate and PKI Access Control Lists and using NTLM Relay to add AD Certificate Services Endpoints. We will even see how we can use AD CS to extract valid NTLM hashes for users and establish long term persistence all without having to touch LSASS.
Author Name: Kat DeLorean Seymour
Author Description:
Kat Seymour is a Security Author with 20 years of experience in technology and information security. With a wide breadth of experience, Kat’s focus is on Red, Blue, and Purple team operations, tools, and techniques. Kat retired from a decades long career in Fintech to pursue her passion of mentoring and teaching full time. Throughout her career Kat has worked to build and innovate technology at a Fortune 100 Financial Institution including development of the first formalized application monitori… more
User Reviews
Be the first to review “Privilege Escalation with Certify”
Related Products
IDA Pro Concepts and Basic Functionality
The ability to reverse engineer binary code is accomplished through the use of complex tools which translate machine code. This course will teach you everything you need to know about IDA Pro to get started using this indispensable tool.
Advanced Cyber Defense Analysis with Wireshark
As a member of the security team, you will need to have the skills required to help with mitigating potential attacks. This course will prepare you to use the Wireshark utility to help in this mitigation.
Post Exploitation with Meterpreter
In a penetration test, escalating your privileges and exfiltrating data are some of the most important tasks of the assessment. This course will teach you how to use the Meterpreter tool for post-exploitation tasks.
Advanced Web Application Penetration Testing with Burp Suite
Burp suite can help improve your penetration testing. This is an advanced course designed to expand your knowledge of the Burp Suite product to utilize many of the lesser known features offered in the tool.
Web Application Penetration Testing with Burp Suite
Want to learn how to use Burp beyond just the capture of requests and responses? This course helps get you up and running quickly to take advantage of all the functionality in the Burp Suite.
Red Team Operations: Target and Capability Development
Hey Humans! Come join us for an exciting adventure and Red Team Operation! In this course, we will be discussing the scenario and how to set up infrastructure and planning for your operation.
There are no reviews yet.