Adds support for ESC13

[sploutchy]

Adds support for detection of ESC13 (https://posts.specterops.io/adcs-esc13-abuse-technique-fda4272fbd53)

[gbe]

Hello,

I've got a template for which your PR returns that it is vulnerable to ESC13.

In the output of Certipy, I get the following:

[...]
Issuance Policies                   : 1.3.6.1.4.1.30579.1.1.2
Linked Groups                       :
[...]
ESC13                             : 'DOM\\Authenticated Users' can enroll, template allows client authentication and issuance policy is linked to group ['']

When reading the blog post of specterops' , I understand that the template should be marked vulnerable if there's a linked group which is not the case here. Therefore I wonder if the PR should return vulnerable this template.

[sploutchy]

Hello @gbe ,
indeed, it looks like my code makes the assumption that the msDS-OIDToGroupLink attribute is set on the OID object.
However the Microsoft documentation says this attribute is not mandatory.
I implemented the check for empty link, but did not test ;) can you retest with that template and report back?
Cheers

[gbe]

Unfortunately I cannot test and confirm as I no longer have access to the Certificate Authority in question. Thanks a lot for implementing a fix (even if not tested).