I posted recently about how an attacker used a misconfiguration in ADCS (Active Directory Certificate Services) to gain Domain Admin rights within the network.
@JimSycurity made me aware of Locksmith [1]: A small tool built to detect and fix common misconfigurations in Active Directory Certificate Services.
Locksmith will find common issues and attack paths and, for many of them, give you cmdlets you can run to resolve the issues yourself; alternatively, you can let Locksmith apply the fixes for you.
@NaderZaveri from Mandiant informed me of the "Modern Attack Paths, Mitigations, and Hardening" guide [2], detailing the various attack paths against ADCS and how to mitigate them.
So folks, check out Locksmith and the guide from Mandiant to secure your ADCS environment. Good luck ☘️
[1] https://github.com/TrimarcJake/Locksmith
[2] https://services.google.com/fh/files/misc/active-directory-certificate-services-hardening-wp-en.pdf