BSidesCharm 2022 - AD CS means “Active Directory is Cheese (Swiss)” - Jake Hildreth

Active Directory is great. Public Key Infrastructure is great. So you’d think Microsoft’s AD-integrated PKI – AD Certificate Services – would be great too. And configured correctly, it is! But in practice, Microsoft’s “easy” approach to PKI often creates security issues in typical deployments. Luckily, you can eliminate the most common & most dangerous misconfigurations with a few easy checks. Jake Hildreth (@dotdotdotHorse) Jake Hildreth is a Senior Security Consultant and member of the Identity Security Team at Trimarc Security, LLC. As a recovering sysadmin with over 20 years of wide-ranging experience in information technology, he configured, administered, or supported almost every technology used by small and medium businesses. His day-to-day work at Trimarc focuses on assessing Active Directory configurations for Fortune 500 companies to help secure their environments. He currently holds the CISSP and Security+ certifications and plans to expand into offensive research in the near-future.