Certificates are either your strongest authentication control or your biggest hidden liability.

In Episode 6 of The Zero Trust Zone, I’m joined by identity expert Jake Hildreth to unpack the real-world security implications of Active Directory Certificate Services (AD CS).

We discuss why PKI is often misunderstood, how certificate misconfigurations become high-impact attack paths, and how tools like Locksmith are helping organizations identify exposure before attackers do.

From Zero Trust architecture to ESC abuse paths, this episode dives deep into the sense (and some nonsense) of certificates in modern enterprise security.

Listen/view now on Spotify or through one of your favorite platforms, including YouTube, PocketCasts, and Apple Podcasts.

In this episode, we cover topics like:

  • Why AD CS has become a prime attack surface
  • Common certificate misconfigurations in enterprise environments
  • ESC vulnerabilities explained
  • Proactive PKI auditing and hardening strategies

Resources mentioned:

SpecterOps – Certified Pre-Owned: Abusing Active Directory Certificate Services
https://posts.specterops.io/certified-pre-owned-d95910965cd2

Jake Hildreth – LockSmith PowerShell Toolkit
https://github.com/jakehildreth/Locksmith

Michael Waterman – Top 10 PKI Recommendations by a Former Microsoft Security Engineer
https://michaelwaterman.nl/2026/02/15/top-10-pki-recommendations-by-a-former-microsoft-security-engineer/

Discover more from Microsoft 365 Security

Subscribe now to keep reading and get access to the full archive.

Continue reading