During penetration tests and also for attackers searching the network for potential targets, insights into the configuration of the certification authority are highly interesting.
In addition to possible misconfigurations, attackers can obtain information about the policy module used on the certification authority.
Continue reading „Auslesen der Konfiguration der Zertifizierungsstelle durch unprivilegierte Konten unterbinden“In the article "Signing certificates bypassing the certification authority"I described how an attacker with administrative rights on the certification authority can generate a logon certificate for administrative accounts of the domain by bypassing the certification authority software, i.e. by directly using the private key of the certification authority.
In the previous article I described the PSCertificateEnrollment Powershell Module is used to demonstrate the procedure. Microsoft supplies with certreq and certutil However, perfectly suitable pentesting tools are already included with the operating system ex works.
Continue reading „Signieren von Zertifikaten unter Umgehung der Zertifizierungsstelle – allein mit Bordmitteln“
English 
Deutsch