INSPECTING ARCHIVED INTELLIGENCE (OUTDATED VERSION).
Advanced Malware Exploitation Techniques Used in AD CS Attacks
2026-05-11 22:00 | CRITICAL | HIGH
Executive Summary AI-generated
Adversaries have exploited vulnerabilities in native certificate issuance to impersonate privileged accounts and escalate privileges, with Unit 42 observations indicating that these weaknesses are actively used by both financially motivated ransomware groups and state-sponsored actors. These attacks typically involve misconfigured templates, overly permissive enrollment rights, and the misuse of native certificate issuance for account impersonation, allowing attackers to elevate their access levels within an enterprise through social engineering campaigns like the one described in August 2024, which exploited CVE-2022-26923.
Technical Mitigations AI-generated
• Implement secure certificate template management practices, including regular audits and updates to ensure templates are correctly configured.
• Limit the privileges of AD CS administrators to prevent unauthorized access or escalation of privileges.
• Regularly review and update AD CS policies and configurations to address known vulnerabilities and weaknesses.
Technical Observables
Intelligence Metadata
Actors / Malware / CVEs / Campaigns
APT28
CVE-2022-26923
Target & Sectors
NORTH_AMERICA
MIDDLE_EAST
EUROPE
Incident Timeline
August 2024
Attackers used shadow credentials to gain stealthy, persistent access by exploiting low-privileged account requests for certificates from high-privileged templates.
In August 2024, Rapid7 described a social engineering campaign in which attackers attempted to escalate privileges by exploiting CVE-2022-26923.
For example, the “Supply in the request” option (ENROLLEE_SUPPLIES_SUBJECT) lets the requester define the certificate subject in the certificate signing request (CSR), enabling impersonation.
Broad group enrollment rights:
For example, an attacker might:
• Exploit a misconfigured template to request a certificate for a privileged account
• Use the certificate to elevate privileges and gain domain admin access
• Register a key in msDS-KeyCredentialLink for persistent, passwordless access
• Continue lateral movement or maintain stealthy persistence without creating new accounts or relying on stolen passwords
This combination of template exploitation and shadow credential misuse represents one of the most persistent and hard-to-detect attack paths in modern Windows environments.
A central enabler of this attack is Key Trust, a modern authentication mechanism used by Windows Hello for Business and smartcards.
• Correlating multiple event types
• Tracking unusual patterns
• Applying a baseline for user activity
Table 2 lists the specific Windows Event IDs essential for detecting AD CS-related anomalies and providing the necessary telemetry for threat hunting operations.
Key Event IDs
| Log | Event ID | Description |
|---|---|---|
| Security | 4886 | Certificate services received a certificate request |
| Security | 4887 | Certificate services approved a certificate request and issued a certificate |
| Security | 4898 | Certificate services loaded a template |
| Security | 5136 | A directory service object was modified |
| Security | 4768/4769 | Kerberos TGT and service ticket requests |
| Microsoft-Windows-LDAP-Client | 30 | LDAP client search |
| Microsoft-Windows-ActiveDirectory_DomainService | 1644 | LDAP server search |
Table 2.
Windows Event 1644 showing an LDAP query targeting the msDS-KeyCredentialLink attribute.
Disable Windows Event Logging (T1562.002)
| User set insecure CA registry setting for global SANs | XDR Analytics BIOC, Identity Analytics | Impair Defenses: Disable or Modify Tools (T1562.001) |
Figure 7 shows a Cortex XDR alert detecting Certipy LDAP queries against certificate templates and other AD CS objects, illustrating reconnaissance activity during an AD CS attack.
Monitoring the following LDAP queries is instrumental in identifying adversarial reconnaissance and the initial stages of AD CS infrastructure enumeration:
• objectClass=pKICertificateTemplate
• objectCategory=CN=PKI-Enrollment-Service
• msDS-KeyCredentialLink attributes
Tools like Certify and Certipy perform broad and repeated LDAP queries across users, groups and certificate templates, making this activity a strong early warning signal.
| Alert Name | Alert Source | MITRE ATT&CK Technique |
|---|---|---|
| Vulnerable certificate template loaded | XDR Analytics BIOC, Identity Analytics | Steal or Forge Authentication Certificates (T1649) |
| Suspicious certificate template modification | XDR Analytics BIOC, Identity Analytics | Steal or Forge Authentication Certificates (T1649) |
| Key credential attribute modification | XDR Analytics BIOC, Identity Analytics | Modify Authentication Process (T1556) |
| PKINIT TGT authentication request | XDR Analytics BIOC, Identity Analytics | Use Alternate Authentication Material (T1550) |
| LDAP AD CS Enumeration via Attack Tool | XDR Analytics BIOC, Identity Analytics | Account Discovery (T1087) |
| Discovery of misconfigured certificate templates using LDAP | XDR Analytics BIOC | File and Directory Discovery (T1083) |

| Tool | Primary Use Case | Notes |
|---|---|---|
| Certify | Enumerates and exploits AD CS templates | C# tool, supports multiple ESC-style attack paths |
| Certipy | Certificate template exploitation and AD enumeration | Python-based, covers ESC1-ESC16 attack paths |
| PKINIT tools | Misuse PKINIT for Kerberos Ticket Granting Ticket (TGT) requests | Supports certificate-based Kerberos authentication |
| Whisker | Shadow credentials and Key Trust misuse | C# tool, manipulates the msDS-KeyCredentialLink attribute |
| pyWhisker | Shadow credentials and Key Trust misuse | Python equivalent of the Whisker tool |
Table 1.
| Privileged certificate request via certificate template | XDR Analytics BIOC, Identity Analytics | Valid Accounts: Domain Accounts (T1078.002) |
| PowerShell pfx certificate extraction | XDR Analytics BIOC | Unsecured Credentials: Credentials In Files (T1552.001) |
| Deletion of AD CS certificate database entries | XDR Analytics BIOC, Identity Analytics | Indicator Removal (T1070) |
| Suspicious Certutil AD CS contact | XDR Analytics BIOC | Steal or Forge Authentication Certificates (T1649) |
| Certutil pfx parsing | XDR Analytics BIOC | Data from Local System (T1005) |
| The CA policy EditFlags was queried | XDR Analytics BIOC | Valid Accounts (T1078) |
| A user logged on to multiple workstations via Schannel | XDR Analytics, Identity Analytics | Steal or Forge Authentication Certificates (T1649) |
Table 3. Cortex XDR/XSIAM alerts on AD CS activity.
ESC1 Walkthrough
In their 2021 Certified Pre-Owned: Abusing Active Directory Certificate Services [PDF] whitepaper, SpecterOps researchers Will Schroeder and Lee Christensen identified and categorized eight primary AD CS escalation techniques, designated ESC1 through ESC8.
Since then, several additional ESC techniques have been discovered.
An ESC1 attack can be conducted when a certificate template is configured with the following settings:
• Low-privileged users have enrollment rights
• Requesters can specify a subject alternative name (SAN) (ENROLLEE_SUPPLIES_SUBJECT)
• Manager approval is disabled
• No authorized signatures are required
• The enhanced key usage (EKU) allows authentication — for example, Client Authentication
A typical ESC1 attack begins with an adversary enumerating available certificate templates using tools such as Certify or Certipy to identify misconfigurations.
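The five ESC1 settings listed above can be checked by defenders against an export of their own templates. The following is an added example, not code from the original report or from any tool it names: the record layout (a dict per template with an `enroll_principals` list already resolved from the template's access control list), the template names and the low-privileged group list are assumptions, while the attribute names, flag bits and EKU OIDs are the standard AD CS template values.

```python
"""Audit exported certificate-template records for the five ESC1 settings."""

# Flag bits defined for the AD CS template attributes.
CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT = 0x00000001  # in msPKI-Certificate-Name-Flag
CT_FLAG_PEND_ALL_REQUESTS = 0x00000002          # in msPKI-Enrollment-Flag (manager approval)

# EKU OIDs that permit authentication to the domain.
AUTH_EKUS = {
    "1.3.6.1.5.5.7.3.2": "Client Authentication",
    "1.3.6.1.5.2.3.4": "PKINIT Client Authentication",
    "1.3.6.1.4.1.311.20.2.2": "Smart Card Logon",
    "2.5.29.37.0": "Any Purpose",
}

# Assumption: groups this environment treats as low-privileged.
LOW_PRIV_PRINCIPALS = {"Domain Users", "Authenticated Users", "Domain Computers", "Everyone"}


def esc1_conditions(t, low_priv=LOW_PRIV_PRINCIPALS):
    """Map each ESC1 setting to True when the template satisfies it."""
    ekus = t.get("pKIExtendedKeyUsage", [])
    return {
        "low_priv_enroll": bool(set(t.get("enroll_principals", [])) & set(low_priv)),
        "enrollee_supplies_subject": bool(
            t.get("msPKI-Certificate-Name-Flag", 0) & CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT),
        "no_manager_approval": not (
            t.get("msPKI-Enrollment-Flag", 0) & CT_FLAG_PEND_ALL_REQUESTS),
        "no_authorized_signatures": t.get("msPKI-RA-Signature", 0) == 0,
        # A template with no EKU at all is usable for any purpose.
        "auth_eku": not ekus or any(oid in AUTH_EKUS for oid in ekus),
    }


def audit(templates):
    """Report which templates meet all five settings and what still blocks the rest."""
    report = []
    for t in templates:
        blocking = [name for name, met in esc1_conditions(t).items() if not met]
        report.append({
            "name": t["name"],
            "esc1": not blocking,
            "blocking_controls": blocking,          # settings that currently prevent ESC1
            "one_setting_away": len(blocking) == 1  # worth reviewing before it drifts
        })
    return report


# Constructed sample records (not taken from any real environment).
SAMPLE_TEMPLATES = [
    {"name": "VPN-User-Constructed", "msPKI-Certificate-Name-Flag": 0x1,
     "msPKI-Enrollment-Flag": 0x20, "msPKI-RA-Signature": 0,
     "pKIExtendedKeyUsage": ["1.3.6.1.5.5.7.3.2"], "enroll_principals": ["Domain Users"]},
    {"name": "WebServer-Constructed", "msPKI-Certificate-Name-Flag": 0x1,
     "msPKI-Enrollment-Flag": 0x0, "msPKI-RA-Signature": 0,
     "pKIExtendedKeyUsage": ["1.3.6.1.5.5.7.3.1"], "enroll_principals": ["Web Admins"]},
    {"name": "User-Constructed", "msPKI-Certificate-Name-Flag": 0x02000000,
     "msPKI-Enrollment-Flag": 0x20, "msPKI-RA-Signature": 0,
     "pKIExtendedKeyUsage": ["1.3.6.1.5.5.7.3.2"], "enroll_principals": ["Domain Users"]},
    {"name": "SmartcardAdmin-Constructed", "msPKI-Certificate-Name-Flag": 0x1,
     "msPKI-Enrollment-Flag": 0x2, "msPKI-RA-Signature": 1,
     "pKIExtendedKeyUsage": ["1.3.6.1.4.1.311.20.2.2"], "enroll_principals": ["Domain Users"]},
]

if __name__ == "__main__":
    for row in audit(SAMPLE_TEMPLATES):
        print(row)
```

Templates reported as `one_setting_away` are not exposed today but become so after a single configuration change, which makes them candidates for change monitoring.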
Figure 5 shows output from Certipy, a Python tool used to enumerate certificate templates and exploit misconfigurations, highlighting flags that enable the ESC1 attack path.
Directory Modifications and Shadow Credentials
To detect shadow credential attacks, focus on unexpected modifications to the msDS-KeyCredentialLink attribute.
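One way to apply this, combining a writer baseline with the event correlation the report recommends, is sketched below as an added example that is not part of the original report or of any vendor product. It assumes events already parsed into dicts keyed by the standard Security-log field names for Event 5136 and Event 4768, that an object's CN matches its account name, and a hypothetical baseline of accounts expected to write the attribute; all sample events are constructed.

```python
"""Flag unexpected msDS-KeyCredentialLink writes and correlate them with PKINIT logons."""
from datetime import datetime, timedelta

KEY_ATTR = "msds-keycredentiallink"
VALUE_ADDED = "%%14674"   # Event 5136 OperationType: value added
PKINIT_PREAUTH = "16"     # Event 4768 PreAuthType: public-key (PKINIT) pre-authentication


def _acct(name):
    """Normalise an account name so 'DC01$' and 'dc01' compare equal."""
    return name.rstrip("$").lower()


def _cn(dn):
    """First RDN value of a distinguished name (assumes no escaped commas)."""
    return dn.split(",", 1)[0].split("=", 1)[1]


def find_shadow_credential_writes(events, baseline_writers=(), window=timedelta(hours=24)):
    events = sorted(events, key=lambda e: e["TimeCreated"])
    allowed = {_acct(w) for w in baseline_writers}
    findings = []
    for i, ev in enumerate(events):
        if ev["EventID"] != 5136:
            continue
        if ev["AttributeLDAPDisplayName"].lower() != KEY_ATTR:
            continue
        if ev["OperationType"] != VALUE_ADDED:
            continue
        writer = _acct(ev["SubjectUserName"])
        target = _acct(_cn(ev["ObjectDN"]))
        if writer in allowed:
            continue  # expected writer per the baseline
        t0 = datetime.fromisoformat(ev["TimeCreated"])
        # A PKINIT TGT request for the modified account soon after the write
        # suggests the newly registered key was actually used.
        sources = [
            e["IpAddress"] for e in events[i + 1:]
            if e["EventID"] == 4768
            and str(e.get("PreAuthType")) == PKINIT_PREAUTH
            and _acct(e["TargetUserName"]) == target
            and datetime.fromisoformat(e["TimeCreated"]) - t0 <= window
        ]
        findings.append({
            "time": ev["TimeCreated"], "writer": writer, "target": target,
            "pkinit_sources": sources,
            "severity": "high" if sources else "medium",
        })
    return findings


DOMAIN = "DC=corp,DC=example"
# Constructed sample events; account names and addresses are placeholders.
SAMPLE_EVENTS = [
    {"EventID": 5136, "TimeCreated": "2026-05-11T09:00:00", "SubjectUserName": "MSOL_constructed",
     "ObjectDN": "CN=alice,CN=Users," + DOMAIN,
     "AttributeLDAPDisplayName": "msDS-KeyCredentialLink", "OperationType": "%%14674"},
    {"EventID": 5136, "TimeCreated": "2026-05-11T10:02:00", "SubjectUserName": "helpdesk1",
     "ObjectDN": "CN=DC01,OU=Domain Controllers," + DOMAIN,
     "AttributeLDAPDisplayName": "msDS-KeyCredentialLink", "OperationType": "%%14674"},
    {"EventID": 4768, "TimeCreated": "2026-05-11T10:05:00", "TargetUserName": "DC01$",
     "PreAuthType": "16", "IpAddress": "::ffff:10.0.0.23"},
    {"EventID": 5136, "TimeCreated": "2026-05-11T11:00:00", "SubjectUserName": "helpdesk1",
     "ObjectDN": "CN=bob,CN=Users," + DOMAIN,
     "AttributeLDAPDisplayName": "description", "OperationType": "%%14674"},
    {"EventID": 4768, "TimeCreated": "2026-05-11T12:00:00", "TargetUserName": "alice",
     "PreAuthType": "2", "IpAddress": "::ffff:10.0.0.40"},
    {"EventID": 5136, "TimeCreated": "2026-05-11T13:00:00", "SubjectUserName": "svc-backup",
     "ObjectDN": "CN=carol,CN=Users," + DOMAIN,
     "AttributeLDAPDisplayName": "msDS-KeyCredentialLink", "OperationType": "%%14674"},
]

if __name__ == "__main__":
    for f in find_shadow_credential_writes(SAMPLE_EVENTS, baseline_writers=["MSOL_constructed"]):
        print(f)
```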
Key Trust leverages PKINIT in Kerberos to allow users to authenticate to Active Directory using public key certificates instead of passwords.
Using Certify to enumerate CAs in the Active Directory environment.
Detection and prevention of Certipy, as seen in Cortex XDR.
PKINITtools extends misuse into Kerberos by leveraging certificate-based authentication to request TGTs.
Palo Alto Networks customers are better protected from the threats discussed above through the following products:
Cortex XDR and XSIAM
Cortex XDR and XSIAM are designed to prevent the execution of known malware, and to prevent the execution of unknown malware using Behavioral Threat Protection and machine learning based on the Local Analysis module.
By comparing new activity to past activity, peer activity and the expected behavior of the entity, Cortex detects anomalous activity that may be indicative of credential-based attacks.
Cortex Cloud Identity Security
Cortex Cloud Identity Security encompasses Cloud Infrastructure Entitlement Management (CIEM), Identity Security Posture Management (ISPM), Data Access Governance (DAG) and Identity Threat Detection and Response (ITDR), and provides clients with the capabilities needed to meet their identity-related security requirements.
Palo Alto Networks has shared these findings with our fellow Cyber Threat Alliance (CTA) members.
Note: To maximize detection capabilities, all relevant audit policies must be enabled and configured correctly, using resources such as the Cortex XDR AD CS Event Setup documentation.
An example from recent years of an attacker using this technique in the wild appears in a 2025 advisory from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), which describes a cyberespionage campaign attributed to Fighting Ursa (also known as APT28, Fancy Bear, Forest Blizzard).
In this campaign, the threat actor used tools such as ADExplorer and Certipy to collect certificate services and Active Directory data from target environments prior to further exploitation.
Template Misuse – ESC Attacks
Monitoring template usage helps detect attacks across the ESC1–ESCn spectrum, where overly permissive templates are exploited.
To differentiate legitimate activity from attacks, track enrollment rights, SAN usage and EKU flags.
Appendix B: Cortex XDR/XSIAM Alerts on AD CS Activity
Table 3 outlines the Cortex XDR/XSIAM alerts that detect AD CS-related malicious behaviors across multiple attack stages.
| A user modified the CA audit policy | XDR Analytics BIOC, Identity Analytics | Impair Defenses:
2026/05/11
Threat actors used native certificate issuance to impersonate privileged accounts and escalate privileges in an ongoing AD CS escalation.
Executive Summary
Active Directory Certificate Services (AD CS) is a foundational component of Windows enterprise infrastructure, responsible for managing public key infrastructure (PKI) and issuing certificates that enable authentication and encryption across networks.
Cortex XDR and XSIAM customers are protected from this activity with Cortex User Entity Behavior Analytics (UEBA) and Cortex Cloud Identity Security.
Certificate issuance is an expected administrative function that often appears as normal network activity.
Ongoing Exploitation and Blind Spots
Despite years of research highlighting AD CS risks, certificate services remain a significant attack surface.
Intelligence Sources
Palo Alto
2026-05-11
Incident Version History
CURRENT VERSION
Last Updated: 2026-06-29T06:15