Detection Engineering
Detecting AD CS Abuse (ESC1–ESC8)
How to detect AD CS abuse — the ESC1 and ESC8 escalation paths, the CVE-2022-26923 case, certificate-request audit events, and the template hardening that stops it.
1 article
How to detect AD CS abuse — the ESC1 and ESC8 escalation paths, the CVE-2022-26923 case, certificate-request audit events, and the template hardening that stops it.