This episode features Jake Hildreth, Principal Security Consultant at Semperis.
With nearly 25 years of IT experience, Jake has seen how Active Directory Certificate Services (AD CS) can quietly become the most fragile, and most dangerous, part of an enterprise’s identity infrastructure. Misunderstood, neglected, and often misconfigured, AD CS can hand attackers the ability to impersonate anyone in the organization.
In this episode, Jake demystifies why certificates feel like “cult knowledge,” explains how simple missteps in AD CS cascade into critical risks, and shares real-world lessons from the front lines. He also introduces tools designed to help overworked admins find and fix issues before adversaries exploit them.
This is a candid look at one of the least understood but most critical components of identity security, and the steps every security team should take now to avoid becoming the slowest gazelle in the herd.
Guest Bio
Jake Hildreth is a Principal Security Consultant at Semperis, Microsoft MVP, and longtime builder of tools that make identity security suck a little less. With nearly 25 years in IT (and the battle scars to prove it), he specializes in helping orgs secure Active Directory and survive the baroque disaster that is Active Directory Certificate Services.
He’s the creator of Locksmith, BlueTuxedo, and PowerPUG!, open-source tools built to make life easier for overworked identity admins. When he’s not untangling Kerberos or wrangling DNS, he’s usually hanging out with his favorite people and most grounding reality check: his wife and daughter.
Guest Quote
" The thing that you practice, whether it's one or a million things you're going to practice will never happen, but the thing that does will be informed by the muscle memory you've developed over that practice period. And you'll know that you either can or cannot weather the storm with your own resources.”
Time stamps
05:00 Why Are People Afraid of Certificates?
07:52 Basics of Public Key Infrastructure (PKI)
17:36 How AD CS Integrates with Active Directory
20:20 Setting Up and Configuring AD CS
23:19 Active Directory and Certificate Services Integration
23:54 Consequences of a Compromised AD
25:55 Primary Use Cases for AD CS
28:39 Recommendations for Managing AD CS
30:46 Locksmith: A Tool for AD CS Issues
34:06 Common Security Issues in AD CS
38:28 Steps to Improve AD CS Security
Sponsor
The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world’s leading businesses, Semperis protects critical Active Directory environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.
Links
Popular Podcasts
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com
Are You A Charlotte?
In 1997, actress Kristin Davis’ life was forever changed when she took on the role of Charlotte York in Sex and the City. As we watched Carrie, Samantha, Miranda and Charlotte navigate relationships in NYC, the show helped push once unacceptable conversation topics out of the shadows and altered the narrative around women and sex. We all saw ourselves in them as they searched for fulfillment in life, sex and friendships. Now, Kristin Davis wants to connect with you, the fans, and share untold stories and all the behind the scenes. Together, with Kristin and special guests, what will begin with Sex and the City will evolve into talks about themes that are still so relevant today. "Are you a Charlotte?" is much more than just rewatching this beloved show, it brings the past and the present together as we talk with heart, humor and of course some optimism.
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.