Exploit ESC8 (ADCS)

List all PKI enrollment Server

crackmapexec run ldap <ip> -u user -p pass -M adcs

List all certificates inside a PKI

crackmapexec run ldap <ip> -u user -p pass -M adcs -o SERVER=xxxx

Certified_Pre-Owned.pdf

AD CS AbusePentester's Promiscuous Notebook