ly4k
commented
2 years ago In my article, JOHNPC has write privileges over the ESC4 template. You must do the same to perform the ESC4 attack. You can do in the the Certificate Authority console by clicking on "certificate templates" and then right click on any template and then click "manage". Then on the template you can edit the security
Why can I only use Find Misconfigured Certificate Templates for the bloodHound zip package I generated with certipy? Using Shortest Paths to Misconfigured Certificate Templates from Owned Principals will show NO DATA RETURNED FROM QUERY。 ESC1-3 I didn't use BloodHound to complete the test, but I don't understand how the JOHNPC in your article ESC4 came from. I know from your article that there is such a user in BloodHound, please can you tell me JOHNPC what is going on.