TrimarcJake / Locksmith

A small tool built to find and fix common misconfigurations in Active Directory Certificate Services.
https://github.com/TrimarcJake/Locksmith

Create Get-PublishedTemplates #161

Closed SamErde closed 1 week ago

SamErde commented 3 months ago

Get-PublishedTemplates pulls a list of published templates with their name, OID, flags, enrollment flag, whenModified, revision, and minor revision. This should help us check if vulnerable templates are published and also ultimately check if the vulnerable version is in use by issued certificate requests.

Please review the bitwise checks for the template's flags and mspki-enrollment-flag properties to see if the logic is correct and returns all published templates in your test environments.

Contributes to #87.
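
An added PowerShell example (not code from this pull request or the Locksmith repository) of the kind of check the description above asks reviewers to look at: it tests `msPKI-Enrollment-Flag` bits with `-band` and reports only templates that a CA lists in its `certificateTemplates` attribute. The function names, sample templates and sample CA are constructed, and treating the CA's `certificateTemplates` list as the source of published state is this example's assumption, not the PR's logic.

```powershell
# Added example. Template and CA objects below are constructed sample data
# shaped like AD objects; nothing here is Locksmith code.
# Subset of msPKI-Enrollment-Flag bits as defined in MS-CRTD.
$EnrollmentFlagBits = [ordered]@{
    INCLUDE_SYMMETRIC_ALGORITHMS = 0x00000001
    PEND_ALL_REQUESTS            = 0x00000002
    PUBLISH_TO_DS                = 0x00000008
    AUTO_ENROLLMENT              = 0x00000020
    NO_SECURITY_EXTENSION        = 0x00080000
}

function ConvertTo-FlagName {   # hypothetical helper
    param([int]$Value, [System.Collections.IDictionary]$Bits)
    # A bit counts as set only when masking returns the mask itself.
    foreach ($name in $Bits.Keys) {
        if (($Value -band $Bits[$name]) -eq $Bits[$name]) { $name }
    }
}

function Get-PublishedTemplateSample {   # hypothetical name
    param([object[]]$Templates, [object[]]$EnrollmentServices)
    foreach ($t in $Templates) {
        # Assumption: "published" means a CA lists the template name
        # in its certificateTemplates attribute.
        $publishedOn = @($EnrollmentServices |
            Where-Object { $_.certificateTemplates -contains $t.Name } |
            Select-Object -ExpandProperty Name)
        if ($publishedOn.Count -eq 0) { continue }   # skip unpublished templates
        $ef = [int]$t.'msPKI-Enrollment-Flag'
        [pscustomobject]@{
            Name            = $t.Name
            PublishedOn     = $publishedOn -join ', '
            EnrollmentFlag  = '0x{0:X8}' -f $ef
            EnrollmentFlags = @(ConvertTo-FlagName -Value $ef -Bits $EnrollmentFlagBits) -join ', '
            Revision        = '{0}.{1}' -f $t.revision, $t.'msPKI-Template-Minor-Revision'
        }
    }
}

# Constructed input: one template listed on a CA, one not listed anywhere.
$sampleTemplates = @(
    [pscustomobject]@{ Name = 'SampleWebServer'; 'msPKI-Enrollment-Flag' = 0x29;    revision = 100; 'msPKI-Template-Minor-Revision' = 4 }
    [pscustomobject]@{ Name = 'SampleLegacyVPN'; 'msPKI-Enrollment-Flag' = 0x80002; revision = 100; 'msPKI-Template-Minor-Revision' = 1 }
)
$sampleCAs = @(
    [pscustomobject]@{ Name = 'SAMPLE-CA01'; certificateTemplates = @('SampleWebServer') }
)
Get-PublishedTemplateSample -Templates $sampleTemplates -EnrollmentServices $sampleCAs | Format-List
```

With the constructed input, only `SampleWebServer` is returned; `SampleLegacyVPN` carries `NO_SECURITY_EXTENSION` but is filtered out because no CA lists it.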

TrimarcJake commented 1 month ago

@SamErde what's the status on this? The current version seems to return no result.

SamErde commented 1 month ago

Will try to find time to revive and resolve this week.

TrimarcJake commented 1 week ago

@SamErde and I chatted. We're gonna go a different route. Thanks for playing along at home, everyone!