The Hidden Dangers of AD CS with Jake Hildreth, Principal Security Consultant at Semperis
Show notes
This episode features Jake Hildreth, Principal Security Consultant at Semperis.
With nearly 25 years of IT experience, Jake has seen how Active Directory Certificate Services (AD CS) can quietly become the most fragile, and most dangerous, part of an enterprise’s identity infrastructure. Misunderstood, neglected, and often misconfigured, AD CS can hand attackers the ability to impersonate anyone in the organization.
In this episode, Jake demystifies why certificates feel like “cult knowledge,” explains how simple missteps in AD CS cascade into critical risks, and shares real-world lessons from the front lines. He also introduces tools designed to help overworked admins find and fix issues before adversaries exploit them.
This is a candid look at one of the least understood but most critical components of identity security, and the steps every security team should take now to avoid becoming the slowest gazelle in the herd.
Guest Bio
Jake Hildreth is a Principal Security Consultant at Semperis, Microsoft MVP, and longtime builder of tools that make identity security suck a little less. With nearly 25 years in IT (and the battle scars to prove it), he specializes in helping orgs secure Active Directory and survive the baroque disaster that is Active Directory Certificate Services.
He’s the creator of Locksmith, BlueTuxedo, and PowerPUG!, open-source tools built to make life easier for overworked identity admins. When he’s not untangling Kerberos or wrangling DNS, he’s usually hanging out with his favorite people and most grounding reality check: his wife and daughter.
Guest Quote
" The thing that you practice, whether it's one or a million things you're going to practice will never happen, but the thing that does will be informed by the muscle memory you've developed over that practice period. And you'll know that you either can or cannot weather the storm with your own resources.”
Time stamps
05:00 Why Are People Afraid of Certificates?
07:52 Basics of Public Key Infrastructure (PKI)
17:36 How AD CS Integrates with Active Directory
20:20 Setting Up and Configuring AD CS
23:19 Active Directory and Certificate Services Integration
23:54 Consequences of a Compromised AD
25:55 Primary Use Cases for AD CS
28:39 Recommendations for Managing AD CS
30:46 Locksmith: A Tool for AD CS Issues
34:06 Common Security Issues in AD CS
38:28 Steps to Improve AD CS Security
Sponsor
The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world’s leading businesses, Semperis protects critical Active Directory environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.
Links
← Previous
When Change Becomes the Biggest Threat with Edward Amoroso, CEO of TAG Infosphere
Next →
Inside the Snowden Breach with Chris Inglis, Former Deputy Director of the NSA