diff --git a/Miscellaneous/Active Directory/AD Enumeration.md b/Cryptography/Active Directory/AD Enumeration.md similarity index 100% rename from Miscellaneous/Active Directory/AD Enumeration.md rename to Cryptography/Active Directory/AD Enumeration.md diff --git a/Miscellaneous/Active Directory/AD Gaining Foothold.md b/Cryptography/Active Directory/AD Gaining Foothold.md similarity index 100% rename from Miscellaneous/Active Directory/AD Gaining Foothold.md rename to Cryptography/Active Directory/AD Gaining Foothold.md diff --git a/Miscellaneous/Active Directory/AD Hardening.md b/Cryptography/Active Directory/AD Hardening.md similarity index 100% rename from Miscellaneous/Active Directory/AD Hardening.md rename to Cryptography/Active Directory/AD Hardening.md diff --git a/Miscellaneous/Active Directory/AD Lateral Movement.md b/Cryptography/Active Directory/AD Lateral Movement.md similarity index 100% rename from Miscellaneous/Active Directory/AD Lateral Movement.md rename to Cryptography/Active Directory/AD Lateral Movement.md diff --git a/Miscellaneous/Active Directory/AD Misconfiguration.md b/Cryptography/Active Directory/AD Misconfiguration.md similarity index 100% rename from Miscellaneous/Active Directory/AD Misconfiguration.md rename to Cryptography/Active Directory/AD Misconfiguration.md diff --git a/Miscellaneous/Active Directory/AD Persistance.md b/Cryptography/Active Directory/AD Persistance.md similarity index 100% rename from Miscellaneous/Active Directory/AD Persistance.md rename to Cryptography/Active Directory/AD Persistance.md diff --git a/Miscellaneous/Active Directory/Active Directory Basics.md b/Cryptography/Active Directory/Active Directory Basics.md similarity index 100% rename from Miscellaneous/Active Directory/Active Directory Basics.md rename to Cryptography/Active Directory/Active Directory Basics.md diff --git a/Miscellaneous/Active Directory/Active Directory Certificate Service.md b/Cryptography/Active Directory/Active Directory Certificate Service.md similarity index 100% rename from Miscellaneous/Active Directory/Active Directory Certificate Service.md rename to Cryptography/Active Directory/Active Directory Certificate Service.md diff --git a/Miscellaneous/Active Directory/ad_hardening_tryhackme.png b/Cryptography/Active Directory/ad_hardening_tryhackme.png similarity index 100% rename from Miscellaneous/Active Directory/ad_hardening_tryhackme.png rename to Cryptography/Active Directory/ad_hardening_tryhackme.png diff --git a/Miscellaneous/Active Directory/powerview.ps1 b/Cryptography/Active Directory/powerview.ps1 similarity index 100% rename from Miscellaneous/Active Directory/powerview.ps1 rename to Cryptography/Active Directory/powerview.ps1 diff --git a/Cryptography/Certificate Vulnerabilities.md b/Cryptography/Certificate Vulnerabilities.md new file mode 100644 index 0000000..73d9326 --- /dev/null +++ b/Cryptography/Certificate Vulnerabilities.md @@ -0,0 +1,25 @@ +# Certificate Vulnerabilities + +## Certipy + +[ly4k's Certipy](https://github.com/ly4k/Certipy) is an offensive tool for +enumerating and abusing Active Directory Certificate Services (AD CS). + +### Find Vulnerabilities Using Certipy + +The `find` argument takes the DC's IP address a found user and a password. +Output is a text and JSON file containing information about the gathered +certificates and found vulnerabilities. + +```sh +certipy find -u $USERNAME -p $PASSWORD -dc-ip $DC_IP +``` + +### Separate Certification and Keys from PFX Files Using Certipy + +Separate a certificate and key from a `pfx` file in the following way + +```sh +certipy cert -pfx file.pfx -nocert -out file.key +certipy cert -pfx file.pfx -nokey -out file.key +```