Looking Back: Hacking and Defending Windows Public Key Infrastructure (ADCS)

I live at the fringes of the cybersecurity community. I have never attended infosec conferences. There will be a talk on PKI hacking at Blackhat 2021 soon: Top AD offensive security gurus are presenting comprehensive research on abusing ADCS (Active Directory Certificate Services). I only know about that, because I noticed backlinks from their article … Continue reading Looking Back: Hacking and Defending Windows Public Key Infrastructure (ADCS)

Impersonating a Windows Enterprise Admin with a Certificate: Kerberos PKINIT from Linux

This is about a serious misconfiguration of a Windows Public Key Infrastructure integrated with Active Directory: If you can edit certificate templates, you can impersonate the Active Directory Forests's Enterprise Administrator by logging on with a client certificate. You have a persistent credential that will also survive the reset of this admin's password. In the … Continue reading Impersonating a Windows Enterprise Admin with a Certificate: Kerberos PKINIT from Linux

Sizzle @ hackthebox – Unintended: Getting a Logon Smartcard for the Domain Admin!

My writeup - how to pwn my favorite box on hackthebox.eu, using a (supposedly) unintended path. Sizzle - created by @mrb3n813 and @lkys37en - was the first box on HTB that had my favorite Windows Server Role - the Windows Public Key Infrastructure / Certification Authority. This CA allows a low-privileged user - amanda - … Continue reading Sizzle @ hackthebox – Unintended: Getting a Logon Smartcard for the Domain Admin!

Ethereal @ hackthebox: Certificate-Related Rabbit Holes

This post is related to the 'insanely' difficult hackthebox machine Ethereal (created by egre55 and MinatoTW) that was recently retired. Beware - It is not at all a full comprehensive write-up! I zoom in on openssl, X.509 certificates, signing stuff, and related unnecessary rabbit holes that were particularly interesting to me - as somebody who … Continue reading Ethereal @ hackthebox: Certificate-Related Rabbit Holes

Certificates and PKI. The Prequel.

Some public key infrastructures run quietly in the background since years. They are half forgotten until the life of a signed file has come to an end - but then everything is on fire. In contrast to other seemingly important deadlines (Management needs this until XY or the world will come to an end!) this … Continue reading Certificates and PKI. The Prequel.

Diffusion of iTechnology in Corporations (or: Certificates for iPhones)

[Jump to technical stuff] Some clichés are true. One I found confirmed often is about how technologies are adopted within organizations: One manager meets another manager at a conference / business meeting / CIO event. Manager X show off the latest gadget and/or brags about presents a case-study of successful implementation of Y. Another manager … Continue reading Diffusion of iTechnology in Corporations (or: Certificates for iPhones)

The Strange World of Public Key Infrastructure and Certificates

An e-mail discussion related to my recent post on IT security has motivated me to ponder about issues with Public Key Infrastructure once more. So I attempt - most likely in vain - to merge a pop-sci introduction to certificates with sort of an attachment to said e-mail discussion. So this post might be opaque … Continue reading The Strange World of Public Key Infrastructure and Certificates

What I Never Wanted to Know about Security but Found Extremely Entertaining to Read

This is in praise of Peter Gutmann's book draft Engineering Security, and the title is inspired by his talk Everything You Never Wanted to Know about PKI but were Forced to Find Out. Chances are high that any non-geek reader is already intimidated by the acronym PKI - sharing the links above on LinkedIn I have been … Continue reading What I Never Wanted to Know about Security but Found Extremely Entertaining to Read