Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

Pluralsight

Privilege Escalation with Certify

via Pluralsight

Overview

Certify is a C# tool written by Will Schroeder and Lee Christiansen that can be used to find and compromise vulnerable configurations of Active Directory Certificate Services, allowing you to establish persistence and elevate your domain privileges.

During a Red Team engagement, after you have established a foothold and persistence on a system, you will want to elevate your privileges to further compromise the environment. Certify is a C# tool written by Will Schroeder and Lee Christiansen that can be utilized to find and compromise vulnerable configurations of Active Directory Certificate Services. In this course, Privilege Escalation with Certify, we will use Certify to elevate our domain privileges by a few different methods available with the tool including abusing misconfigured Certificate Templates, vulnerable certificate and PKI Access Control Lists and using NTLM Relay to add AD Certificate Services Endpoints. We will even see how we can use AD CS to extract valid NTLM hashes for users and establish long term persistence all without having to touch LSASS.

Syllabus

  • Course Overview 1min
  • Privilege Escalation with Certify 16mins
  • Resources 1min

Taught by

Kat Seymour

Reviews

4.7 rating at Pluralsight based on 13 ratings

Start your review of Privilege Escalation with Certify

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.