WritePKIEnrollmentFlag

Abuse Info

This relationship alone is not enough to perform a privilege escalation or impersonation primitive. This relationship may contribute to other relationships and attributes, from which an escalation opportunity may emerge.

Opsec Considerations

When an attacker abuses a privilege escalation or impersonation primitive that relies on this relationship, it will necessarily result in the issuance of a certificate. A copy of the issued certificate will be saved on the host that issued the certificate.

Edge Schema

Source: User, Group, Computer
Destination: CertTemplate
Traversable: No

References

This edge is related to the following MITRE ATT&CK tactic and techniques:

https://attack.mitre.org/techniques/T1649/

Abuse and Opsec references

https://specterops.io/wp-content/uploads/sites/3/2022/06/Certified_Pre-Owned.pdf
https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-crtd/ec71fd43-61c2-407b-83c9-b52272dec8a1

Get Started with BloodHound

Install a Data Collector

Collect Data

OpenGraph

OpenHound

Analyze Attack Path Data

Manage BloodHound

API & Integrations

Resources

WritePKIEnrollmentFlag

Abuse Info

Opsec Considerations

Edge Schema

References

Abuse and Opsec references

Get Started with BloodHound

Install a Data Collector

Collect Data

OpenGraph

OpenHound

Analyze Attack Path Data

Manage BloodHound

API & Integrations

Resources

Documentation Index

​Abuse Info

​Opsec Considerations

​Edge Schema

​References

​Abuse and Opsec references

Abuse Info

Opsec Considerations

Edge Schema

References

Abuse and Opsec references