Certificate Authorities. They’re an invisible elephant in the room. They’re the colourless passport stampers that complement your inscrutable active directory certificate processes. The whole thing sounds very grey and bureaucratic, but threat actors and security wizards are looking at the certificate process very closely, and for good reason. Those passports can do quite a lot. In this article we’ll cover a few basic concepts and then look at a new crop of vulnerabilities discovered by the piratical and quite naughty SpectreOps. The aim of this post is not to make you an authority on certificate services, it’s to show you that there are distinct risks in deploying certificate services and provide you with a tool to audit for some of these.
In case you are unaware, SpectreOps are the vendors that produced several cutting-edge open-source tools for Active Directory enumeration. They are also shaking up the way the security industry views vulnerability management by introducing their own unique philosophy which has a core focus on attack pathway management, a philosophy which J2 had adopted in their insider threat assessment where we simulate human-operated ransomware attacks in our client environment as part of our red-teaming activity.
- Hits: 279