Last updated: April 29, 2026
Active Directory Certificate Services (ADCS) is how Windows issues certificates — for user authentication, computer authentication, web services, VPN, code signing. It’s also, since SpecterOps’s 2021 “Certified Pre-Owned” research, one of the fastest paths from user to Domain Admin. This module covers the attack classes (ESC1-ESC8+) and defences.
ADCS primer
- Certification Authority (CA) — issues certificates
- Certificate Template — defines what a specific cert can be used for (auth, email, code signing)
- Enrollment — user or computer requests a cert; CA signs if policy allows
- Authentication — user presents cert; service validates signature chain
Certificate authentication is STRONG: no password hashes, immune to NTLM relay, tied to the cert holder’s identity. That’s what makes it attractive — and what makes template misconfigurations so valuable to attackers.
Custom team training + practitioner advisory
Beyond the free academy — we run private workshops, vCISO advisory, and red-team exercises tailored to your stack. For Indian SMBs scaling past their first hire.