Skip to content

Internal All The Things

Active Directory - Certificate ESC Attacks

Initializing search

Internal All The Things

Internal All The Things
DISCLAIMER
Active directory
Active directory
Cheatsheets
Cheatsheets
Cloud
Cloud
Command control
Command control
Containers
Containers
- Docker
- Kubernetes
Databases
Databases
Devops
Devops
Methodology
Methodology
Redteam
Redteam
- Access
  Access
- Escalation
  Escalation
  - Linux - Privilege Escalation
  - Windows - Privilege Escalation
- Evasion
  Evasion
- Persistence
  Persistence
- Pivoting
  Pivoting
  - Network Pivoting Techniques

Active Directory - Certificate ESC Attacks

ESC1 - Misconfigured Certificate Templates
ESC2 - Misconfigured Certificate Templates
ESC3 - Misconfigured Enrollment Agent Templates
ESC4 - Access Control Vulnerabilities
ESC5 - Vulnerable PKI Object Access Control
ESC6 - EDITF_ATTRIBUTESUBJECTALTNAME2
ESC7 - Vulnerable Certificate Authority Access Control
ESC8 - Web Enrollment Relay
ESC9 - No Security Extension
ESC10 - Weak Certificate Mapping
ESC11 - Relaying NTLM to ICPR
ESC12 - ADCS CA on YubiHSM
ESC13 - Issuance Policy
ESC14 - altSecurityIdentities
ESC15 - EKUwu Application Policies - CVE-2024-49019

October 5, 2025

Share this content

Made with Material for MkDocs