DPERSIST2 - Trusting Rogue CA Certificates

Overview
Resources

DPERSIST2 is not currently supported by Certify, and as such not explained in detail here.

For comprehensive information on DPERSIST2, please refer to Certified Pre-Owned.

Overview

DPERSIST2 involves trusting rogue CA certificates to establish domain persistence. This technique allows attackers to maintain access by installing malicious Certificate Authority certificates into the domain’s trusted root certificate store.

Resources

For detailed implementation and methodology, consult the original research:

Certified Pre-Owned Research Paper by Will Schroeder and Lee Chagolla-Christensen
SpecterOps blog posts on AD CS security

DPERSIST1 - Forging Certificates with Stolen CA DPERSIST3 - Malicious Misconfiguration

⌘I

Getting Started

Account Persistence

Domain Persistence

Privilege Escalation

DPERSIST2 - Trusting Rogue CA Certificates

Overview

Resources

Getting Started

Account Persistence

Domain Persistence

Privilege Escalation

​Overview

​Resources

Overview

Resources