Module Name	Locksmith
Module Guid	b1325b42-8dc4-4f17-aa1f-dcb5984ca14a
Download Help Link	NA
Help Version	2024.11.11
Locale	en-US

Locksmith Module

Description

A small tool to find and fix common misconfigurations in Active Directory Certificate Services.

Escalation paths

ESC1, ESC2, etc., refer to a series of Active Directory Certificate Services (AD CS) escalation paths, originally documented by Will Schroeder and Lee Christensen in their landmark 2021 research on abusing AD CS titled "Certified Pre-Owned".

These ESC* vulnerabilities are not software vulnerabilities in the traditional sense (like CVEs), but rather misconfigurations or abuse paths that attackers can use to escalate privileges or persist in an environment using AD CS.

Locksmith Cmdlets

Invoke-Locksmith

A small tool to find and fix common misconfigurations in Active Directory Certificate Services.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Locksmith Module

Description

Escalation paths

Locksmith Cmdlets

Invoke-Locksmith

FilesExpand file tree

Locksmith.md

Latest commit

History

Locksmith.md

File metadata and controls

Locksmith Module

Description

Escalation paths

Locksmith Cmdlets

Invoke-Locksmith