asktgt: /opsec flag is not respected when using PKINIT with /certificate #161
Description
I'm currently trying to mimic the behaviour of Windows' Smartcard authentication, but Rubeus and asktgt acts differently, causing detection by Defender for Identity (MDI). The /opsec flag tries to mimic the smartcard behaviour as observed with Wireshark, but only when no certificate is used to authenticate (Kerberos' PKINIT extension).
This can be seen here (https://github.com/GhostPack/Rubeus/blob/master/Rubeus/Commands/Asktgt.cs#L258), where the opsec variable, populated by the /opsec flag, is not passed to the overloaded Ask.TGT function. Especially the AS-REQ without pre-authentication, which is usually issued when using smartcard auth, is missing.
I might find some time next week to fix this myself.