HackTool.Win64.GhostCert.A

This Hacking Tool arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Arrival Details

This Hacking Tool arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Other Details

This Hacking Tool does the following:

• It is a tool to enumerate and abuse misconfigurations in Active Directory Certificate Services (AD CS).
• It can find information about all registered CAs.
• It can find all enabled certificate templates.
• It can find vulnerable/abusable certificate templates using default low-privileged groups
• It can find enabled certificate templates where ENROLLEE_SUPPLIES_SUBJECT is enabled
• It can find enabled certificate templates capable of client authentication
• It can find all enabled certificate templates, display all of their permissions.
• It can find all enabled certificate templates and output to a json file.
• It can Enumerate access control information for PKI objects
• It can request a new certificate using the current user context
• It can request a new certificate using the current machine context
• It can request a new certificate using the current user context but for an alternate name (if supported)
• It can request a new certificate on behalf of another user, using an enrollment agent certificate
• It can download an already requested certificate
• It can query LDAP in order to list templates which allow domain users to enroll.
• It can discover certificates that allow Client Authentication
• It can enroll certificate to a User
• It can enroll Domain Users Rights
• It can show Enterprise CA Information
• It could request certificates for the machine account by executing this tool with the “/machine” argument from an elevated command prompt. This could allow authentication to be performed as the machine account.