In May, Microsoft has fixed a bug that allowed normal users to impersonate Domain Controllers. This bug allowed non-privileged users to obtain a logon certificate issued to a domain controller, because users can write to the Active Directory attribute dnsHostNameof a computer they have joined to the domain. If a machine can enroll for a…
Tag: Certificate Mapping
Rogue Certificate Challenge: No Hardware Tokens, No Linux, Just a Web Server with Certificate Mapping.
I am back to my favorite security research: How to abuse certificates in a Windows / Active Directory environment! If an Active Directory integrated certification authority sign a certificate with a custom Subject Alternative Name of your choosing, you can impersonate any administrator in an AD forest. I’ve published two blog posts about how to…
Automatic Mapping of Logon Certificates to Users in Active Directory
This post has originally been published to my other / ‘archive’ website in 2014, first as a PDF, later converted to a HTML article. I am publishing it here on my WordPress blog in April 2022, using its original publication date – as it predates most of the other articles in my PKI UPN AD…
elkemental Force 