Table of contents CESP Certification 🔥 RFS Methodology Pwning 1️⃣ Learn AD CS (Module 1) Active Directory Certificate Services (AD CS) 🟢 AD CS Components 🟢 Certificate Formats Certificate Attributes Containers in AD 2️⃣ AD CS Attacks (Module 2) Attack Prevention Detection 3️⃣ Basics of AD CS Attacks (Module 3) Tools AV Bypass Payload Delivery 🟢 Bypass PowerShell Logging WinRS 🟢 Certificate Management 🟢 Pass the Cert 🟢 UnPAC the Hash 🟢 S4U2Self Attack 4️⃣ AD CS Patches (Module 4) 🟢 CBA patch 🟢 ADCS SID Extension Policy Module 5️⃣ AD CS Enumeration (Module 5) 🥰 Methodology Tools 🟢 CAs Info Groups Extract the Private Key 6️⃣ AD CS Local Privilege Escalation (Module 6) 🟢 CertPotato 🟢 ESC1 – Understand the Arbitrary Subject Alternative Name Vulnerability AD CS Domain Privilege Escalation Page 3 AD CS Pivoting and Lateral Movement Page 4 AD CS Theft and Collection Page 5 AD CS Local and Domain Persistence Page 6 Abusing Cross Forest and External Trusted CAs Page 7 Abusing Azure CBA for Lateral Movement and Persistence on Cloud Page 8 Evasion and Bypasses Page 9 Group 1 Page 2