ESC4
Domain escalation via misconfigured certificate template access control
This misconfiguration can occur when unintended users are granted one of the following template security permissions:
Owner
WriteOwnerPrincipals
WriteDaclPrincipals
WritePropertyPrincipals
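A defender-side check for the permissions listed above, as an added example that is not part of the original page: it parses a certificate template's security descriptor in SDDL form and reports ownership or write rights held by broad, low-privileged groups. The group list, function names and sample descriptors are constructed assumptions.

```python
import re

# SDDL right code -> (permission name, access-mask bit) for the rights listed above.
DANGEROUS = {"WO": ("WriteOwner", 0x80000), "WD": ("WriteDacl", 0x40000),
             "WP": ("WriteProperty", 0x20), "GA": ("GenericAll", 0x10000000),
             "GW": ("GenericWrite", 0x40000000)}
# Broad, low-privileged trustees (assumption: extend with your own groups).
LOW_PRIV = {"DU": "Domain Users", "DC": "Domain Computers", "WD": "Everyone",
            "AU": "Authenticated Users", "BU": "Builtin Users",
            "S-1-1-0": "Everyone", "S-1-5-11": "Authenticated Users"}
DOMAIN_RIDS = {"513": "Domain Users", "515": "Domain Computers"}

def low_priv_name(trustee):
    """Resolve an SDDL alias or SID string to a broad group name, else None."""
    m = re.fullmatch(r"S-1-5-21(?:-\d+){3}-(\d+)", trustee)
    return DOMAIN_RIDS.get(m.group(1)) if m else LOW_PRIV.get(trustee)

def dangerous_rights(rights):
    """Accept either letter codes ('RPWPWDWO') or a hex mask ('0x20')."""
    if rights.lower().startswith("0x"):
        mask = int(rights, 16)
        return [name for name, bit in DANGEROUS.values() if mask & bit]
    codes = {rights[i:i + 2] for i in range(0, len(rights), 2)}
    return [name for code, (name, _) in DANGEROUS.items() if code in codes]

def audit_template(sddl):
    """Return (principal, permission) pairs that make a template ESC4-exposed."""
    findings = []
    owner = re.match(r"O:(S-[\d-]+|[A-Z]{2})", sddl)
    if owner and low_priv_name(owner.group(1)):
        findings.append((low_priv_name(owner.group(1)), "Owner"))
    dacl = re.search(r"D:[A-Z]*((?:\([^)]*\))+)", sddl)
    for ace in re.findall(r"\(([^)]*)\)", dacl.group(1) if dacl else ""):
        fields = ace.split(";")
        # Only allow ACEs (A / OA) grant access; deny and audit ACEs are skipped.
        if len(fields) != 6 or fields[0] not in ("A", "OA"):
            continue
        who = low_priv_name(fields[5])
        if who:
            findings += [(who, right) for right in dangerous_rights(fields[2])]
    return findings

# Constructed sample descriptors (not taken from any real environment).
VULN = "O:DAG:DAD:PAI(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;DA)(A;;RPWPWDWO;;;DU)(A;;RPLCLORC;;;AU)"
SAFE = "O:DAG:DAD:PAI(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;DA)(A;;RPLCLORC;;;AU)"
HEXED = "O:S-1-5-21-1111111111-2222222222-3333333333-513G:DAD:(A;;0x20;;;S-1-5-11)"

if __name__ == "__main__":
    for label, sddl in (("VULN", VULN), ("SAFE", SAFE), ("HEXED", HEXED)):
        print(label, audit_template(sddl))
```

An object-specific (OA) ACE that limits WriteProperty to a single attribute is reported the same way as an unrestricted one, so review each finding against the ACE's object GUID before treating it as exploitable.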
Adding Certificates with StandIn
To add certificates using StandIn, follow these examples:
Certificate Enrollment Permission: To allow Domain Users to enroll for certificates, use the following command:
Client Authentication EKU: To add a certificate with Client Authentication EKU, execute:
ENROLLEE_SUPPLIES_SUBJECT:
An example for SmartCardLogon ESC4 Abuse using CertifyKit's /alter option is as follows: