Active Directory Certificate Services (AD CS) provides public key infrastructure (PKI) capabilities within Active Directory, enabling secure certificate issuance and management across the environment.

An Enterprise Security Certificate (ESC) attack exploits misconfigured certificate templates to escalate privileges or compromise Active Directory.

Attackers can leverage weak enrollment permissions, overly permissive certificate templates, or certificate abuse techniques to impersonate privileged users, persist within the environment, or gain full domain control.

Understanding and mitigating these attacks is crucial for protecting your organization's identity infrastructure and maintaining the integrity of authentication and access controls.