From vendor to ESC1
https://scribe.rip/@Debugger/from-vendor-to-esc1-ed32281b7ea7
Awesome blog post explaining why ~all enterprise domains could be pwned via ADCS: vendors prescribe insecure configuration to integrate their stuff!
(AFAICT I couldn't post this from my RSS reader, but if you see this for the fifth time, I'm sorry!)