EPISODE · Mar 2, 2026 · 47 MIN
Episode 6 - ADCS: your greatest ally or biggest vulnerability?
from The Zero Trust Zone · host Michael Van Horenbeeck
Certificates are either your strongest authentication control or your biggest hidden liability.

In Episode 6 of The Zero Trust Zone, I’m joined by identity expert Jake Hildreth to unpack the real-world security implications of Active Directory Certificate Services (AD CS).

We discuss why PKI is often misunderstood, how certificate misconfigurations become high-impact attack paths, and how tools like Locksmith are helping organizations identify exposure before attackers do.

From Zero Trust architecture to ESC abuse paths, this episode dives deep into the sense (and some nonsense) of certificates in modern enterprise security.

Topics covered include:
- Why AD CS has become a prime attack surface
- Common certificate misconfigurations in enterprise environments
- ESC vulnerabilities explained
- Proactive PKI auditing and hardening strategies

Resources mentioned:
- SpecterOps – Certified Pre-Owned: Abusing Active Directory Certificate Services
  https://posts.specterops.io/certified-pre-owned-d95910965cd2
- Jake Hildreth – Locksmith PowerShell Toolkit
  https://github.com/jakehildreth/Locksmith
- Michael Waterman – Top 10 PKI Recommendations by a Former Microsoft Security Engineer
  https://michaelwaterman.nl/2026/02/15/top-10-pki-recommendations-by-a-former-microsoft-security-engineer/