PSPKIAudit is a PowerShell toolkit whose main purpose is to audit Active Directory Certificate Services (AD CS).
It is based on the PSPKI toolkit from PKI Solutions (Microsoft Public License). This repo includes a more recent version of PSPKI than the one on the PSGallery (see the PSPKI directory). This version was generously provided by Vadims Podans (the author of PSPKI), as it contains fixes for many problems.
Features:
- Invoke-PKIAudit: Audits the current forest's AD CS settings, focusing on the CA server and published templates for potential privilege escalation.
- Get-CertRequest: Searches a CA's database for issued certificates. The main goal is to find certificate requests that may have taken advantage of a certificate template privilege escalation flaw. Furthermore, if a user or machine is compromised, the security team can use it to locate certificates the CA server issued to that user or device.
The tool is intended strictly for educational use and should not be used for any other purpose.
Download Link: https://github.com/GhostPack/PSPKIAudit