AD CS is Microsoft PKI implementation that integrates with existing Active Directory forests, and provides everything from encrypting file systems to digital signatures, to user authentication. While AD CS is not installed by default it is widely deployed.
Attackers con request or renew certificates for users and computers, providing the same persistence approach as other techniques.
The certutil binary is a command line tool which can be used to quickly discover if there is a certificate authority on the domain.
We can verify the server has been identified as adcs.dominioncyber.local
I'll proceed with utilizing ntlmrelay from impacket suite we can capture the authentication of the Domain Controller machine Account and relay it to the Certification Authority Server