Exploiting Active Directory Certificate Services (ADCS) Using Only Two Tools

In this week’s episode, we’re revisiting the powerful ADCS ECS8 attack—but this time, we’re dialing it in with a streamlined approach. Forget the complexity of juggling four tools! We’re breaking it down and achieving success with just two fantastic tools: NetExec and NTLMRelayX. 🛠️✨

Prepare for a simplified, smoother workflow perfect for anyone looking to refine their techniques or easily understand this attack's inner workings.

🔥 What You’ll Learn:
How to set up and use NetExec effectively
Leveraging NTLMRelayX for maximum efficiency
Tips for avoiding common pitfalls
Why simplifying tools doesn’t mean compromising results

🔗 Useful Resources and Links:
📥 NetExec Tool: https://www.netexec.wiki/
📥 NTLMRelayX Tool: https://github.com/fortra/impacket/bl...
📄 ADCS ECS8 Reference: https://specterops.io/wp-content/uplo...
🎥 Previous Video (4-Tool Method):    • Certipy and ADCSync attacks against Active...  
💡 Subscribe for more cybersecurity tips, deep dives, and hands-on tutorials

👍 Don’t forget to like, share, and comment if you found this helpful. What’s your favorite ADCS attack strategy? Let me know below! 🚀
#CyberSecurity #ADCS #NetExec #NTLMRelayX #EthicalHacking #PenetrationTesting #SimplifiedAttacks

Chapters
00:00 What is ESC8
03:00 Setting up the Relaying with NTLMRelayX
04:20 Coercing the DC to Send Hashes
06:00 Testing Certificate Authentication
07:30 Getting User NT Hashes
08:30 Verifying The Hashes Work
09:38 Detecting the Certificate Grant
11:43 Detecting Certificate Usage
13:45 Outro