TL;DR: CA configured without the security extension breaks strong cert-to-account binding, re-enabling impersonation under StrongCertificateBindingEnforcement.

Stub — to be filled in.

What it is

TODO

Preconditions / where it applies

TODO

Technique

TODO

Detection and defence

TODO

References

• https://github.com/ly4k/Certipy/wiki/06-%E2%80%90-Privilege-Escalation