adcs-certipy-attack
Fail
Audited by Socket on May 9, 2026
1 alert found:
Malware (HIGH): references/esc-techniques.md
This fragment is highly indicative of malicious intent: it is an end-to-end ADCS (Active Directory Certificate Services) exploitation and persistence playbook. It provides explicit operational steps to abuse certificate templates and CA policy, perform NTLM relay against ADCS Web Enrollment and RPC enrollment endpoints, authenticate with obtained or forged certificates, extract NTLM hashes and perform DCSync/secrets dumping against a domain controller, and establish durable access by forging certificates with CA private key material. If included in any software supply-chain artifact, it represents an extreme security risk.
Confidence: 90%
Severity: 100%