This week I jump over to the blue team side of the world and walk through how to find, attack and fix the ADCS ESC8 vulnerability! Microsoft has some guidance on various cert fix-ups here as well. During our penetration tests, we see a ton of the ESC1 and ESC8 vulnerabilities. You should also review the excellent article/research from SpecterOps on finding/fixing all flavors of ESC vulnerabilities. Lastly, I’ve had many clients report that the Locksmith tool is excellent for finding, understanding, and even fixing ESC vulnerabilities in your environment.
Thanks,
-Brian
