This post provides details on the modern attack paths in Active Directory Certificate Services, how to hunt these techniques and controls to defend.
Active Directory Certificate Services:Modern Attack Paths, Mitigations, and Hardening
Active Directory Certificate Services (AD CS) is often challenging for cyber defenders to manage because not only is it difficult for security teams to detect when their AD CS has been compromised or leveraged for persistence, but the actual remediation and hardening steps can be rather complex.
I and my colleagues have detailed the modern attack paths observed in ADCS environment, code snippets to hunt the techniques, various security controls and changes in environment after the patch (KB5014754) in a whitepaper. This whitepaper got published in Mandiant blog.
Reference for the details: