AD-ESC4Credential Access

ADCS ESC4 — Vulnerable Template ACL

Modify a template's ACL to make it ESC1-vulnerable, then enroll as any user.

§ Where this technique fits

AD-ESC4 is catalogued under the Credential Access tactic of the offensive-security kill-chain. It appears in 0 approved dossiers in the registry, typically.