heartburn-dev / PKI-Escalate

Quick and dirty PowerShell script to abuse the overly permissive capabilities of the SYSTEM user in a child domain on the Public Key Services and Enrollment Services ADCS containers to obtain Enterprise Administrator from Domain Administrator. Works by enabling a user to perform ESC1 (Enrolee supplying the SAN).
25Updated last year

Related projects

Alternatives and complementary repositories for PKI-Escalate