
July 29, 2024
Osanda Jayathissa
ADCSLID192
The Certified Enterprise Security Professional - AD CS (CESP - ADCS) is a fully hands-on certification.
To be certified, a student needs to solve an exam lab that contains a fully patched Active Directory Certificate Services environment with fully patched Server 2022 machines within 24 hours. The student needs to submit a report detailing the methodology and steps used to compromise the exam lab. The certification challenges a student to compromise Active Directory Certificate Services by abusing misconfigurations, default settings, features and functionalities without relying on patchable exploits.
A certification holder has demonstrated the skills to understand and assess the security of an AD CS environment. A non-exhaustive list of skills:
- AD CS Enumeration
- Stealing Certificates using Windows Crypto APIs, DPAPI, User store, Machine store and disk
- Domain Privilege Escalation by abusing settings and misconfigurations like Enrollee Supplies Subject, Enrollment Agent EKUs, Overly permissive ACLs on Certificate Templates and CA, Abusing CA Roles, Relaying to HTTP Endpoints and more
- Machine and User Persistence by requesting and renewing certificates
- Domain Persistence using Forged certificates, Stolen Trusted Root certificates and more
- Abusing SSH CA Signers on Linux machines for Lateral Movement
- Abusing VPN with Certificate-based authentication to pivot to different networks
- Pivoting to Azure by abusing Azure AD CBA
Skills / Knowledge
- enterprise security
- active directory penetration testing
- active directory
- red team
- windows security
- cybersecurity
- infosec
- penetration testing
- network security
- information security
- powershell
- blue team
- active directory security
- adcs
- certificate services
- adcs attacks
- adcs red team
- adcs penetration testing
Issued on
July 29, 2024
Expires on
July 29, 2027
Earning Criteria
Required
To be certified, a student needs to solve an exam lab that contains a fully patched Active Directory Certificate Services environment with fully patched Server 2022 machines within 24 hours. The student needs to submit a report detailing the methodology and steps used to compromise the exam lab.