BSides Brisbane 2026: SANS Researcher Jason Blanchard Unveils Active Directory Certificate Services Zero-Day Vulnerability
By
HackMoN Ai
Summary
At BSides Brisbane 2026, SANS Institute's Jason Blanchard uncovered a significant zero-day vulnerability in Active Directory Certificate Services (AD CS) that could enable attackers to compromise hybrid cloud/on-premises environments. The discovery, dubbed a "little gem" by Blanchard, involves a novel attack vector that bypasses existing security controls in certificate-based authentication workflows. The article details the technical mechanics of the vulnerability, its potential for privilege escalation and lateral movement in enterprise networks, and the broader implications for red team operations and defensive security strategies. Blanchard's research highlights critical gaps in how organizations secure their AD CS infrastructure, particularly in hybrid cloud configurations.
Source
bskyBSides Brisbane 2026: SANS Researcher Jason Blanchard Unveils Active Directory Certificate Services Zero-Day Vulnerabilityundercodetesting.comKey quotes
· 5 pulledThis little gem I found during my trip to BSides Brisbane could potentially unlock world domination — at least in the context of a red team engagement.
What we're looking at here is a fundamental bypass of how certificate services were designed to operate, and it's been sitting there, unnoticed, for years.
The hybrid cloud environment is where this really shines — or, depending on your perspective, where it becomes most dangerous.
Organizations need to understand that their AD CS infrastructure is often the weakest link in their identity security chain, and this finding underscores that reality.
This isn't just a theoretical exercise; we've demonstrated a working proof of concept that shows exactly how an attacker could chain this with other techniques to achieve full domain compromise.
You might also wanna read
Study Reveals Domain-Camouflaged Injection Attacks Bypass LLM Detection Systems
This research paper identifies a critical vulnerability in injection detectors used to protect LLM agents. The authors demonstrate that when
Cisco discloses actively exploited zero-day affecting up to 2 million IOS and IOS XE devices
Cisco disclosed an actively exploited zero-day vulnerability (CVE-2025-20352) affecting all supported versions of Cisco IOS and IOS XE, pote
arstechnica.com·9mo ago
Zero-day RCE vulnerability found in CUPS - Common UNIX Printing System
Google Introduces Device-Bound Session Credentials to Combat Session Hijacking Attacks
Google has introduced Device-Bound Session Credentials (DBSC), a new security mechanism designed to prevent session hijacking by cryptograph

WAF - WAF Release - 2025-08-18
Critical FreePBX Zero-Day Vulnerability CVE-2025-57819 Exposed and Exploited
A critical zero-day vulnerability (CVE-2025-57819) has been discovered in FreePBX, a popular open-source PBX system. The article details how
labs.watchtowr.com·10mo ago
Comments
Sign in to join the conversation.
No comments yet. Be the first.