Privilege Escalation with Certify

Certify is a C# tool written by Will Schroeder and Lee Christiansen that can be used to find and compromise vulnerable configurations of Active Directory Certificate Services, allowing you to establish persistence and elevate your domain privileges.

by Kat DeLorean Seymour

Get started Preview course

What you'll learn

During a Red Team engagement, after you have established a foothold and persistence on a system, you will want to elevate your privileges to further compromise the environment. Certify is a C# tool written by Will Schroeder and Lee Christiansen that can be utilized to find and compromise vulnerable configurations of Active Directory Certificate Services. In this course, Privilege Escalation with Certify, we will use Certify to elevate our domain privileges by a few different methods available with the tool including abusing misconfigured Certificate Templates, vulnerable certificate and PKI Access Control Lists and using NTLM Relay to add AD Certificate Services Endpoints. We will even see how we can use AD CS to extract valid NTLM hashes for users and establish long term persistence all without having to touch LSASS.

Try this course for free

Access this course and other top-rated tech content with a free trial.

Free individual trial Free team trial

Have questions?

Get them answered now.

Start a live chat

Course Info

Rating

(15 reviews)

Level

Intermediate

Last updated

May 24, 2022

Duration

18m 44s

Course Overview | 1m 17s

About the author

Kat DeLorean Seymour

Kat Seymour is a Sr. Security Author with 20 years of experience in technology and information security. She specializes in Red, Blue, and Purple team operations, tools, and techniques.

More Courses by Kat

Privilege Escalation with Certify

What you'll learn

Table of contents

Course Overview 1m 17s

Privilege Escalation with Certify 16m 20s

Resources 1m 6s

About the author