White Paper | Resource Center

Investigating Active Directory Certificate Services Abuse: ESC1

The abuse of misconfigured Active Directory Certificate Services (AD CS) certificate templates has been a common method of privilege escalation for threat actors and red teams alike. Depending on the configuration of the certificate template, the impact of AD CS vulnerabilities can be devastating and lead to full domain compromise.

This white paper discusses the ESC1 certificate abuse technique, and the system artifacts and logs that can be used in both incident response and proactive engagements to help defenders develop detections and decrease the risk of AD CS abuse.

Author: Stephan Wolfert

Falcon Cloud Security: Cloud Infrastructure Entitlement Management (CIEM) Solution Brief
CrowdStrike 2024 Global Threat Report: What You Need to Know
CrowdStrike 2024 Global Threat Report: Executive Summary

Discover More at our
Resource Center

Case Studies
Community Tools
CrowdCasts
Data Sheets
Demos
Guides
Infographics
Reports
Videos
White Papers

TECHNICAL CENTER

  • OS icon
  • deployment icon
  • installation icon

For technical information on installation, policy configuration and more, please visit the CrowdStrike Tech Center.

Visit the Tech Center