📄 Detecting ADCS Web Services Abuse (ESC8)
One of the popular attack vectors against Active Directory Certificate Services is ESC8. This article covers detecting irregular access to some of the exposed ADCS web services, as well as detecting the NTLM relaying itself.
https://medium.com/falconforce/falconfriday-detecting-adcs-web-services-abuse-0xff20-9f660c83cb36
#adcs #detection #esc8 #blueteam
Medium
FalconFriday — Detecting ADCS web services abuse — 0xFF20
One of the popular attack vectors against ADCS is ESC8 — relaying NTLM creds to the ADCS HTTP(S) endpoints. While preventing this…