ESC9-15

[Zamanry]

Hello, since this tool's inception, it's only supported ESC1-8 while newer ESC methods have been identified:

• 9/10 (Nov/2022) - https://posts.specterops.io/certificates-and-pwnage-and-patches-oh-my-8ae0f4304c1d
• 11 (Nov/2022) - https://blog.compass-security.com/2022/11/relaying-to-ad-certificate-services-over-rpc/
• 13 (Feb/2024) - https://posts.specterops.io/adcs-esc13-abuse-technique-fda4272fbd53
• 14 (Feb/2024) - https://posts.specterops.io/adcs-esc14-abuse-technique-333a004dc2b9
• 15 (Oct/2024) - https://trustedsec.com/blog/ekuwu-not-just-another-ad-cs-esc

ESC 12 (Oct/2023) is a bit more nuanced. It is mostly a physical security issue rather than a CA/template issue. I think we could still check this at a high-level by checking if lowly privileged groups have login access to CAs themselves. But I admit this is a fringe check.

• https://pkiblog.knobloch.info/esc12-shell-access-to-adcs-ca-with-yubihsm

I would love to be able to contribute and help fill this gap, but I do not have time to be able to help currently. For any other folks reading this, I'd recommend manually reading these links, checking your configurations, and making careful changes as necessary.

[SeiV-K]

I'd love to see the implementations of ESC 9 to 15 !
I hope i can find some time to do put some work on this project, no promises though...

[leamese]

Would love to see this implemented.