Active Directory Certificate Services (AD CS) is a Windows Server role that provides a Public Key Infrastructure (PKI) to issue and manage digital certificates for authentication, encryption, and secure communications.
SpecterOps released their research on AD CS in June of 2021, where several vulnerabilities known as ESC1 through ESC8 were exposed. Most of these vulnerabilities are based on misconfigurations within the certificate templates available on an organization's AD CS server.
