Tagged articles

S4U2SELF

1 articles · Page 1 of 1
Black & White Path
Black & White Path
Jul 5, 2026 · Information Security

Uncharted ADCS Virtual Account Attack: Hijack Domain Machines End‑to‑End

The article demonstrates how, with remote code execution as a Windows virtual account, an attacker can abuse ADCS to request a machine certificate, export it as a PFX, extract the machine's NTLM hash via PKINIT, and then use S4U2SELF (or a TGTDeleg path) to fully compromise a domain‑joined host without installing extra tools.

ADCSCertificate AbuseDomain Hijacking
0 likes · 10 min read
Uncharted ADCS Virtual Account Attack: Hijack Domain Machines End‑to‑End