Locksmith Module

Description

A small tool to find and fix common misconfigurations in Active Directory Certificate Services.

Escalation paths

ESC1, ESC2, etc., refer to a series of Active Directory Certificate Services (AD CS) escalation paths, originally documented by Will Schroeder and Lee Christensen in "Certified Pre-Owned", their landmark 2021 research on abusing AD CS.

These ESC* issues are not software vulnerabilities in the traditional sense (like CVEs), but rather misconfigurations or abuse paths that attackers can use to escalate privileges or persist in an environment using AD CS.

Locksmith Cmdlets

Invoke-Locksmith

A small tool to find and fix common misconfigurations in Active Directory Certificate Services.