Expanded Library

Privilege Escalation with Certify

by Kat Seymour

Certify is a C# tool written by Will Schroeder and Lee Christiansen that can be used to find and compromise vulnerable configurations of Active Directory Certificate Services, allowing you to establish persistence and elevate your domain privileges.

What you'll learn

During a Red Team engagement, after you have established a foothold and persistence on a system, you will want to elevate your privileges to further compromise the environment. Certify is a C# tool written by Will Schroeder and Lee Christiansen that can be utilized to find and compromise vulnerable configurations of Active Directory Certificate Services. In this course, Privilege Escalation with Certify, we will use Certify to elevate our domain privileges by a few different methods available with the tool including abusing misconfigured Certificate Templates, vulnerable certificate and PKI Access Control Lists and using NTLM Relay to add AD Certificate Services Endpoints. We will even see how we can use AD CS to extract valid NTLM hashes for users and establish long term persistence all without having to touch LSASS.

About the author

Kat Seymour is a Security Author with 20 years of experience in technology and information security. With a wide breadth of experience, Kat's focus is on Red, Blue, and Purple team operations, tools, and techniques. Kat retired from a decades long career in Fintech to pursue her passion of mentoring and teaching full time. Throughout her career Kat has worked to build and innovate technology at a Fortune 100 Financial Institution including development of the first formalized application monitori... more

Ready to upskill? Get started