competition-ad-certificate-abuse
CommunityTrace certificate-based privilege paths in AD CS
Software Engineering#enrollment#certificate#certificate-authority#ad-cs#ekus#privilege-mapping#ctf-sandbox
Authorxjtu-wang
Version1.0.0
Installs0
System Documentation
What problem does it solve?
Traces certificate-based privilege paths in AD CS by mapping CA configurations, certificate templates, EKUs, enrollment rights, and mapping logic to concrete privilege outcomes. This helps security teams verify how a certificate can be issued and accepted to grant access, identify misconfigurations, and document an auditable abuse chain.
Core Features & Use Cases
- Map CA configuration, template trust, enrollment permissions, and mapping behavior to a compact, reproducible chain.
- Prove cert-to-privilege acceptance by linking issued certificates to a target service or logon path.
- Use cases include documenting EKU/SAN controls, enrollment agent behavior, and CA-policy based privilege flows.
Quick Start
Identify the CA, template, enrolling principal, and accepting service before diving into every certificate detail.
Dependency Matrix
Required Modules
None requiredComponents
references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: competition-ad-certificate-abuse Download link: https://github.com/xjtu-wang/DigAgent/archive/main.zip#competition-ad-certificate-abuse Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 471,000+ vetted skills library on demand.