Certipy-AD
Offensive tool for enumerating and abusing Active Directory Certificate Services (AD CS). Used to attack AD Certificate Services by managing accounts, certificates, and CAs.
Description
Certipy-AD is a specialized tool designed for offensive security operations targeting Active Directory Certificate Services. It enables users to enumerate vulnerabilities and exploit misconfigurations in AD CS environments, which are commonly used in enterprise Windows networks for issuing and managing digital certificates.
The tool supports a range of actions including account management, authentication with certificates, CA handling, certificate operations, AD CS enumeration, offline parsing from registry data, and more. This makes it valuable for penetration testers assessing the security of certificate authorities and related services in Active Directory setups.
Use cases include discovering weak certificate templates, forging certificates, relaying authentication, and shadowing credentials, all critical techniques in advanced Active Directory attacks. It integrates with Python libraries for handling cryptography, LDAP, and network protocols specific to Windows environments.
How It Works
Certipy-AD operates by interacting with Active Directory protocols such as LDAP, RPC, and the HTTP endpoints of Certificate Services. It enumerates CAs, templates, and accounts using Impacket for SMB/NTLM, ldap3 for directory queries, and cryptography libraries for certificate parsing and forging. The relay action performs NTLM relay to AD CS HTTP endpoints, the find module enumerates AD CS configurations, and the parse module analyzes registry data offline; both find and parse identify abuse paths such as the ESC1-ESC8 misconfigurations.
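For defenders, the kind of template check described above can be reproduced against an exported template list. The following is an added example, not Certipy's own code: it evaluates the conditions of the ESC1 misconfiguration class using the real AD schema attribute names, while the template names, the sample values and the simplified "enroll" field (a stand-in for the template ACL) are constructed assumptions.

```python
# Added example: defensive audit of AD CS template attributes (all data constructed).
ENROLLEE_SUPPLIES_SUBJECT = 0x1  # bit in msPKI-Certificate-Name-Flag
PEND_ALL_REQUESTS = 0x2          # bit in msPKI-Enrollment-Flag (CA manager approval)
AUTH_EKUS = {
    "1.3.6.1.5.5.7.3.2",       # Client Authentication
    "1.3.6.1.4.1.311.20.2.2",  # Smart Card Logon
    "1.3.6.1.5.2.3.4",         # PKINIT Client Authentication
    "2.5.29.37.0",             # Any Purpose
}
BROAD_PRINCIPALS = {"Domain Users", "Domain Computers", "Authenticated Users", "Everyone"}

def audit_template(t):
    """Evaluate the ESC1 conditions for one template; all must hold to flag it."""
    ekus = t.get("pKIExtendedKeyUsage") or []
    checks = {
        "requester supplies subject": bool(t["msPKI-Certificate-Name-Flag"] & ENROLLEE_SUPPLIES_SUBJECT),
        "authentication EKU (or no EKU)": not ekus or any(e in AUTH_EKUS for e in ekus),
        "no manager approval": not (t["msPKI-Enrollment-Flag"] & PEND_ALL_REQUESTS),
        "no authorized signature": t.get("msPKI-RA-Signature", 0) == 0,
        "broad enrollment rights": bool(BROAD_PRINCIPALS & set(t["enroll"])),
    }
    return {
        "name": t["name"],
        "flagged": all(checks.values()),
        # Conditions that do not hold, i.e. controls already breaking the chain.
        "unmet": [k for k, ok in checks.items() if not ok],
    }

def flagged_templates(templates):
    """Names of templates on which every condition holds."""
    return [r["name"] for r in map(audit_template, templates) if r["flagged"]]

# Constructed sample; "enroll" is a simplified stand-in for the template ACL.
TEMPLATES = [
    {"name": "UserAuth-Legacy", "msPKI-Certificate-Name-Flag": 0x1, "msPKI-Enrollment-Flag": 0x0,
     "msPKI-RA-Signature": 0, "pKIExtendedKeyUsage": ["1.3.6.1.5.5.7.3.2"], "enroll": ["Domain Users"]},
    {"name": "WebServer-Internal", "msPKI-Certificate-Name-Flag": 0x1, "msPKI-Enrollment-Flag": 0x0,
     "msPKI-RA-Signature": 0, "pKIExtendedKeyUsage": ["1.3.6.1.5.5.7.3.1"], "enroll": ["Web Admins"]},
    {"name": "VPN-Approved", "msPKI-Certificate-Name-Flag": 0x1, "msPKI-Enrollment-Flag": 0x2,
     "msPKI-RA-Signature": 0, "pKIExtendedKeyUsage": ["1.3.6.1.5.5.7.3.2"], "enroll": ["Domain Users"]},
]

if __name__ == "__main__":
    for template in TEMPLATES:
        print(audit_template(template))
```

A flagged template stops being flagged as soon as any one condition is removed, for example by requiring manager approval or restricting enrollment rights.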
Installation
sudo apt install certipy-ad
Examples
certipy-ad -h
certipy-ad account -h
certipy-ad auth -h
certipy-ad ca -h
certipy-ad cert -h
certipy-ad find -h
certipy-ad parse -h
certipy-ad -v