Links

Certificate Services (AD-CS)

Theory

AD CS is Microsoft’s PKI implementation that provides everything from encrypting file systems, to digital signatures, to user authentication (a large focus of our research), and more. While AD CS is not installed by default for Active Directory environments, from our experience in enterprise environments it is widely deployed, and the security ramifications of misconfigured certificate service instances are enormous. (specterops.io)
In their research papers, Will Schroeder and Lee Christensen shared their research on AD CS and identified multiple theft, escalation and persistence vectors.