Featured resource
2025 Tech Upskilling Playbook
Tech Upskilling Playbook

Build future-ready tech teams and hit key business milestones with seven proven plays from industry leaders.

Check it out
  • Course
    • Libraries: If you want this course, consider one of these libraries.
    • Security

Privilege Escalation with Certify

Certify is a C# tool written by Will Schroeder and Lee Christiansen that can be used to find and compromise vulnerable configurations of Active Directory Certificate Services, allowing you to establish persistence and elevate your domain privileges.

What you'll learn

During a Red Team engagement, after you have established a foothold and persistence on a system, you will want to elevate your privileges to further compromise the environment. Certify is a C# tool written by Will Schroeder and Lee Christiansen that can be utilized to find and compromise vulnerable configurations of Active Directory Certificate Services. In this course, Privilege Escalation with Certify, we will use Certify to elevate our domain privileges by a few different methods available with the tool including abusing misconfigured Certificate Templates, vulnerable certificate and PKI Access Control Lists and using NTLM Relay to add AD Certificate Services Endpoints. We will even see how we can use AD CS to extract valid NTLM hashes for users and establish long term persistence all without having to touch LSASS.

Table of contents

Get access now

Sign up to get immediate access to this course plus thousands more you can watch anytime, anywhere.

Get started with Pluralsight