Certipy is a powerful offensive and defensive toolkit designed for Active Directory Certificate Services (AD CS) enumeration and abuse. It's tailored for red teamers, penetration testers, and defenders to assess AD CS misconfigurations, offering comprehensive support for identifying and exploiting all known ESC1-ESC16 attack paths.
Key Features:
- Discovery: Enumerate Certificate Authorities and Templates.
- Misconfiguration Identification: Pinpoint AD CS misconfigurations.
- Certificate Manipulation: Request and forge certificates for unauthorized access.
- Authentication Bypass: Perform authentication using certificates.
- NTLM Relay: Relay NTLM authentication to AD CS HTTP(S)/RPC endpoints.
- Advanced Attacks: Supports Shadow Credentials, Golden Certificates, and Certificate Mapping Attacks.
Use Cases:
- Red Teaming: Exploit AD CS vulnerabilities to escalate privileges and compromise the domain.
- Penetration Testing: Assess the security posture of AD CS deployments.
- Defensive Security: Identify and remediate AD CS misconfigurations to prevent attacks.
