TechDirectArchiveNov 23, 2023

The application /Certsrv does not exist: How to configure Certificate Enrollment Web Services and Certificate Authority Web Enrolment

https://techdirectarchive.com/2021/07/29/the-application-certsrv-does-not-exist-how-to-configure-certificate-enrollment-web-services-and-certificate-authority-web-enrollment/

#ActiveDirectoryCertificateServices, #ADCS, #Cert, #CertificateAuthority, #Certificates, #MicrosoftWindows, #Windows, #Windows10, #WindowsServer, #WindowsServer2012, #WindowsServer2016, #WindowsServer2019

The application /Certsrv does not exist: How to configure Certificate Enrollment Web Services and Certificate Authority Web Enrolment

Learn how to configure Certificate Enrollment Web Services and resolve 'Certsrv does not exist' issue in this helpful guide.

TechDirectArchive
TechDirectArchiveJun 16, 2023

Create a certificate template for BitLocker Network Unlock

https://techdirectarchive.com/2021/01/30/how-to-create-a-certificate-template-for-bitlocker-network-unlock/

#ActiveDirectoryCertificateServices, #ADCS, #CA, #Cert, #CertificateAuthority, #CertificateTemplates, #Certificates, #Windows, #Windows10, #WindowsServer, #WindowsServer2016, #WindowsServer2019

Create a certificate template for BitLocker Network Unlock

How to create a certificate template for BitLocker Network Unlock. Create a certificate template in AD CS for BitLocker's automatic unlock

TechDirectArchive
Jake Hildreth (acorn) Feb 27, 2023

The Locksmith Active Directory (AD) Certificate Services (CS) remediation tool has been updated: https://github.com/TrimarcJake/Locksmith

New features:
- Support for Restricted Admin Mode. If RAM is detected, Locksmith will ask to be re-run using the -Credential switch.
- If the AD Powershell module is not installed on Win 10/11, Locksmith will attempt to install it for you.
Note: previously only available on server-class OSes.
- New functions for checking user type and elevation status.
- Auto-generated snippets for ownership issues (a subset of ESC4/ESC5).
- Support for non-English Active Directory environments!

Next planned updates:
- Add individual CA Hosts to $SafeUsers using SIDs.
- Perform additional environment checks before attempting to run.
- Rename modes to something that makes sense.

#IAM #IdentitySecurity #CertificateServices #ActiveDirectory #ActiveDirectoryCertificateServices #ADCS #PKI #Locksmith #OpenSource #DefensiveSecurity #DefensiveSecurityTooling #Pizza

GitHub - TrimarcJake/Locksmith: A small tool built to find and fix common misconfigurations in Active Directory Certificate Services.

A small tool built to find and fix common misconfigurations in Active Directory Certificate Services. - TrimarcJake/Locksmith

GitHub
SensePostDec 2, 2022
CertPotato - A new way to gain SYSTEM privileges using ADCS by @[email protected] of the Paris team.
https://sensepost.com/blog/2022/certpotato-using-adcs-to-privesc-from-virtual-and-network-service-accounts-to-local-system/
#ActiveDirectoryCertificateServices #activedirectory
SensePost | Certpotato – using adcs to privesc from virtual and network service accounts to local system

Leaders in Information Security

Jake Hildreth (acorn) Nov 10, 2022

Locksmith has been updated: https://github.com/TrimarcJake/Locksmith

New features:
- Improved on-screen explanation of what the script is doing
- Improved output formatting
- Confirmation now required before the AD CS environment is changed
- If Locksmith changes your environment, a script is created to easily revert those changes.
- Less false positives
- If Active Directory module is not installed, Locksmith will attempt to install it for you.

Next planned updates:
- Strict Mode support
- RDP Restricted Admin support

#IAM #IdentitySecurity #CertificateServices #ActiveDirectory #ActiveDirectoryCertificateServices #ADCS #Locksmith #OpenSource #DefensiveSecurity #DefensiveSecurityTooling #Pizza

GitHub - TrimarcJake/Locksmith: A small tool built to find and fix common misconfigurations in Active Directory Certificate Services.

A small tool built to find and fix common misconfigurations in Active Directory Certificate Services. - TrimarcJake/Locksmith

GitHub