Language:
Misconfigurations of Active Directory Certificate Services (AD CS) PKI objects in Active Directory can lead to an elevation to administrator privileges from a standard account, but also persistence (using the "Golden Certificate" technique).
Certain ADCS PKI parameters can significantly affect the security of the entire Active Directory and therefore require careful configuration.
Microsoft ADCS - Abusing PKI in Active Directory Environment
Name: ADCS Dangerous Misconfigurations
Codename: C-PKI-DANG-ACCESS
Severity: Critical