According to DEVCORE's statistics from dozens of Red Team Assessments conducted over the past year, more than 50% of enterprise internal networks have misconfigurations related to Active Directory Certificate Services (AD CS). These misconfigurations allow attackers to gain domain admin privileges within minutes, even with just a low-privileged domain account.

In this presentation, we will present anonymized examples of these misconfigurations in various enterprises, demonstrate how attackers exploit them, and emphasize the importance of regularly assessing AD CS as a critical infrastructure component within an organization's internal network. We will also provide guidance on avoiding common configuration mistakes and mitigating measures for specific scenarios.