References
- SpecterOps – Certified Pre-Owned: https://specterops.io/wp-content/uploads/sites/3/2022/06/Certified_Pre-Owned.pdf
- Microsoft official documentation about AD CS: https://learn.microsoft.com/en-us/training/modules/implement-manage-active-directory-certificate-services/2-explore-fundamentals-of-pki-ad-cs
- PassTheCert tool: https://github.com/AlmondOffSec/PassTheCert
- Certificate authentication without PKINIT: https://offsec.almond.consulting/authenticating-with-certificates-when-pkinit-is-not-supported.html
- Hunting for AD CS abuse: https://speakerdeck.com/heirhabarov/hunting-for-active-directory-certificate-services-abuse
- CertStealer tool: https://github.com/TheWover/CertStealer
- SharpDPAPI tool: https://github.com/GhostPack/SharpDPAPI
- Detecting UnPAC-the-hash and Shadow Credentials attacks: https://medium.com/falconforce/falconfriday-detecting-unpacing-and-shadowed-credentials-0xff1e-2246934247ce
- Certify tool: https://github.com/GhostPack...