all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

From DA to EA with ESC5

Add to bookmarks
May 16, 2023, 6:14 p.m. | Andy Robbins

Security Boulevard securityboulevard.com

There’s a new, practical way to escalate from Domain Admin to Enterprise Admin.


ESC5


You’ve heard of ESC1 and ESC8. But what about ESC5? ESC5 is also known as “Vulnerable PKI Object Access Control”. Will Schroeder and Lee Christensen’s whitepaper mentions three classes of objects when discussing ESC5:



  • The CA server’s AD computer object (i.e., compromise through S4U2Self or S4U2Proxy)

  • The CA server’s RPC/DCOM server

  • Any descendant AD object or container in the container(e.g., the Certificate Templates container, Certification …

access access control bloodhound-enterprise computer control cybersecurity domain domain admin enterprise lee microsoft object pki research sbn news security server vulnerable whitepaper

Visit resource

More from securityboulevard.com / Security Boulevard

Google Continues Mixing Generative AI into Cybersecurity 4 hours ago | securityboulevard.com
ai model cloud cloud security cloud service +37
HYPR and Microsoft Partner on Entra ID External Authentication Methods 6 hours ago | securityboulevard.com
authentication authentication methods can eam +17
2024 OWASP Mobile Top Ten Risks 7 hours ago | securityboulevard.com
api security api security - analysis application application security +19
Google Makes Implementing 2FA Simpler 7 hours ago | securityboulevard.com
2fa 2fa authenticator 2 factor authentication 2-step verification +29
RSAC 2024: IoT Security Questions (and Answers) 7 hours ago | securityboulevard.com
analysts blog breaches compliance +21
Danile Stori’s ‘Vulnerable Code’ 8 hours ago | securityboulevard.com
code daniel daniel stori humor +6
Balancing AI Workloads and Energy Demands with DCIM Software 8 hours ago | securityboulevard.com
applications article artificial artificial intelligence +21
Introducing Aembit Access Management for CI/CD Platforms 9 hours ago | securityboulevard.com
access access management actions aembit +17
Guts & Greed: How Bug Hunter Arrogance and Apathy Hurts Us All 9 hours ago | securityboulevard.com
amp apathy api hacking mindset application +13

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Red Team Penetration Tester and Operator, Junior

@ Booz Allen Hamilton | USA, VA, McLean (1500 Tysons McLean Dr)
View on infosec-jobs.com

Director, Security Operations & Risk Management

@ Live Nation Entertainment | Toronto, ON
View on infosec-jobs.com

IT and Security Specialist APAC (F/M/D)

@ Flowdesk | Singapore, Singapore, Singapore
View on infosec-jobs.com

Senior Security Controls Assessor

@ Capgemini | Washington, DC, District of Columbia, United States; McLean, Virginia, United States
View on infosec-jobs.com

GRC Systems Solution Architect

@ Deloitte | Midrand, South Africa
View on infosec-jobs.com

Cybersecurity Subject Matter Expert (SME)

@ SMS Data Products Group, Inc. | Fort Belvoir, VA, United States
View on infosec-jobs.com
View more jobs