Active Directory Certificate Services (AD CS) is widely deployed in Microsoft enterprise organizations globally. A common fallacy is that certificates are more secure than usernames and passwords. However, AD CS can be easily misconfigured, resulting in a trivial, near-instant full-domain compromise. This session explores some of the most common configuration errors and mistakes administrators make that sabotage security in their environments.

You will learn:

• Identify common misconfigurations
• Techniques to mitigate common privilege escalation attacks
• Leverage community tools to audit and monitor AD CS security configuration