Active Directory Certificate Services: Hardening Your Security

This page summarizes the projects mentioned and recommended in the original post on reddit.com/r/Netwrix

  • PSPKIAudit

    PowerShell toolkit for AD CS auditing based on the PSPKI toolkit.

    The PSPKIAudit tool can help you audit your PKI infrastructure. To use PSPKIAudit, simply download the tool from GitHub, import the module and run the Invoke-PKIAudit command. This will enumerate the Certificate Authority from Active Directory and then query it for some of the default options.

  • PetitPotam

    PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.

    I expect an increasing number of attacks on Active Directory Certificate Services. In fact, a PetitPotam with ADCS NTLM Relaying attack has already come out since the SpecterOps paper was published, and SpecterOps is releasing ForgeCert, the Golden Ticket of Certificates, at BlackHat 2021. Therefore, it’s urgent to check for misconfigurations in your environment and remediate them promptly, and then to repeat the process on a regular basis.

  • ForgeCert

    "Golden" certificates
