Exploiting CVE-2022-26923 by Abusing AD CS | TryHackMe

YOU CAN SUPPORT MY WORK BY BUYING A COFFEE --------------------------------------------------- https://www.buymeacoffee.com/lsecqt Learn how to Exploit CVE-2022-26923 by abusing AD CS (Active Directory Certificate Services). TryHackMe was quick enough to publish vulnerable lab, making it easier than ever to practice the exploit procedure. Certificates are complex and we barely touched the surface of the iceberg. Still I hope it was fun for you, if so: ❤️ Help the channel grow with a Like, Comment, & Subscribe! JOIN MY DISCORD TO SHARE KNOWLEDGE AND EXPERIENCE --------------------------------------------------- https://discord.gg/dWCe5ZMvtQ LINKS --------------------------------------------------- Certified Pre-Owned Blog: https://posts.specterops.io/certified-pre-owned-d95910965cd2 Certified Pre-Owned Whitepaper: https://www.specterops.io/assets/resources/Certified_Pre-Owned.pdf Certifried: Active Directory Domain Privilege Escalation (CVE-2022–26923): https://research.ifcr.dk/certifried-active-directory-domain-privilege-escalation-cve-2022-26923-9e098fe298f4 Certify (Github): https://github.com/GhostPack/Certify Certipy (Github): https://github.com/ly4k/Certipy Rubeus (Github): https://github.com/GhostPack/Rubeus Precompiled Binaries (Github): https://github.com/r3motecontrol/Ghostpack-CompiledBinaries TryHackMe CVE-2022-26923: https://tryhackme.com/room/cve202226923 TryHackMe AD Certificate Templates: https://tryhackme.com/room/adcertificatetemplates FOLLOW ME --------------------------------------------------- Twitter: https://twitter.com/lsecqt Twitch: https://www.twitch.tv/lsecqt Reddit: https://www.reddit.com/user/lsecqt TIMESTAMPS -------------------------------------------------- 00:00 - Intro 00:47 - Source Learning Materials Overview 01:34 - Explaining Certificate Granting Chain 04:07 - Some Terminology 05:50 - Explaining the Vulnerability 10:24 - TryHackMe Lab 1 (Abusing Certificate Templates with Certify and Rubeus) 28:15 - TryHackMe Lab 2 (CVE-2022-26923) 39:22 - Outro Hope you learned something new.