AD CS Protection in Threat Prevention 8.0

Tatiana.Severina · January 8, 2026, 6:00pm

About the webinar

Join us 2026-01-27T18:00:00Z as we take a deep dive into the power of Active Directory Certificate Services (AD CS) protection and learn how this critical new capability in Threat Prevention 8.0 can harden your identity infrastructure.

In this session, we’ll unpack why AD CS has become a primary target for attackers seeking long-term persistence and how unauthorized certificate issuance allows them to impersonate high-privilege users. You’ll discover how to monitor and block these exploitation paths in real-time, gaining full visibility into the certificate lifecycle from request to logon. Whether you are looking to eliminate “shadow” identities or strengthen your defense against privilege escalation, this learning lab will provide practical insights and best practices to help you maximize the value of Threat Prevention 8.0 within your security ecosystem.

Click here to register!

During the session, you will learn about:

What is AD CS Exploitation? – Understand how attackers abuse certificate templates and CA configurations (ESC1–ESC7) to bypass traditional MFA and identity controls, enabling them to impersonate domain admins with total invisibility.
How Threat Prevention Helps – We’ll walk through a real-world AD CS abuse scenario where an attacker turns a low-privilege foothold into high-privilege access by requesting a certificate that lets them log on as an admin and Netwrix Threat Prevention stops the malicious enrollment before a certificate is issued.
How to Configure AD CS Monitoring and Blocking – Get a step-by-step overview of how to enable the seven new 8.0 policy templates. See how to detect template tampering and enforce strict issuance policies across your environment without disrupting legitimate workflows.
Best Practices and Recommendations – Discover proven strategies for optimizing your AD CS security posture, ensuring end-to-end visibility from initial request to final logon, and achieving the right balance between ironclad protection and operational efficiency.

Want to learn more about AD CS Protection? Check out the release announcement for more info!

Topic		Replies	Views
Learning Lab: Active Directory & Entra ID: Key Practices, Data Analysis and Delivery with Netwrix Auditor Show & Tell auditor , data-sources , learning-lab , video	0	137	May 29, 2025
BadSuccessor Monitoring & Blocking Show & Tell threat-prevention	0	146	May 23, 2025
Learning Lab: Hidden Gems in Endpoint Protector Show & Tell endpoint-protector , learning-lab	0	152	September 18, 2025
[Learning Lab] Hidden Gems in Netwrix Endpoint Protector Events endpoint-protector , livestream , learning-lab	6	487	September 18, 2025
What’s New in MCP + Access Analyzer: New AD Tools and Cross-Product Use Cases News announcement , access-analyzer , learning-lab	0	188	July 15, 2025

AD CS Protection in Threat Prevention 8.0

About the webinar

During the session, you will learn about:

Related topics