Sign up to save your podcasts
Or
Share Episode 6 - ADCS: your greatest ally or biggest vulnerability?
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Episode 6 - ADCS: your greatest ally or biggest vulnerability?
Certificates are either your strongest authentication control or your biggest hidden liability.
In Episode 6 of The Zero Trust Zone, I’m joined by identity expert Jake Hildreth to unpack the real-world security implications of Active Directory Certificate Services (AD CS).
We discuss why PKI is often misunderstood, how certificate misconfigurations become high-impact attack paths, and how tools like Locksmith are helping organizations identify exposure before attackers do.
From Zero Trust architecture to ESC abuse paths, this episode dives deep into the sense (and some nonsense) of certificates in modern enterprise security.
Topics covered include:
- Why AD CS has become a prime attack surface
- Common certificate misconfigurations in enterprise environments
- ESC vulnerabilities explained
- Proactive PKI auditing and hardening strategies
Resources mentioned:
SpecterOps – Certified Pre-Owned: Abusing Active Directory Certificate Services
https://posts.specterops.io/certified-pre-owned-d95910965cd2
Jake Hildreth – LockSmith PowerShell Toolkit
https://github.com/jakehildreth/Locksmith
Michael Waterman – Top 10 PKI Recommendations by a Former Microsoft Security Engineer
https://michaelwaterman.nl/2026/02/15/top-10-pki-recommendations-by-a-former-microsoft-security-engineer/
View all episodes
By Michael Van HorenbeeckCertificates are either your strongest authentication control or your biggest hidden liability.
In Episode 6 of The Zero Trust Zone, I’m joined by identity expert Jake Hildreth to unpack the real-world security implications of Active Directory Certificate Services (AD CS).
We discuss why PKI is often misunderstood, how certificate misconfigurations become high-impact attack paths, and how tools like Locksmith are helping organizations identify exposure before attackers do.
From Zero Trust architecture to ESC abuse paths, this episode dives deep into the sense (and some nonsense) of certificates in modern enterprise security.
Topics covered include:
- Why AD CS has become a prime attack surface
- Common certificate misconfigurations in enterprise environments
- ESC vulnerabilities explained
- Proactive PKI auditing and hardening strategies
Resources mentioned:
SpecterOps – Certified Pre-Owned: Abusing Active Directory Certificate Services
https://posts.specterops.io/certified-pre-owned-d95910965cd2
Jake Hildreth – LockSmith PowerShell Toolkit
https://github.com/jakehildreth/Locksmith
Michael Waterman – Top 10 PKI Recommendations by a Former Microsoft Security Engineer
https://michaelwaterman.nl/2026/02/15/top-10-pki-recommendations-by-a-former-microsoft-security-engineer/