In the last article of this AD CS series, we looked at how ESC1 can be used to gain higher privileges in Active Directory. In this post, we’ll explain AD CS ESC2 Certificate Exploitation, where a low-level user can request an “Any Purpose” certificate. This weak setup lets attackers get certificates for other users, which […]