Using certreq.exe to create admin certificate bypassing certification authority service

[Sleepw4lker]

Hi, as described here (in german, use a translator please): https://www.gradenegger.eu/?p=19939

If attacker has local admin rights on a certification authority machine, he can generate arbitrary certificates with this command that can be used for logging on to the domain with arbitrary accounts (including domain/enterprise admin, domain controllers accounts and the like), without them appearing in the certification authority logs.