Featured posts
- Daniel Lattimer | Area Vice President – EMEA West
- Jan 17, 2025
Categories
- Sean Deuby | Principal Technologist
- Jan 15, 2025
- Eric Woodruff
- Jan 13, 2025
- James Doggett | Semperis CISO
- Dec 18, 2024
Latest posts
- Daniel Lattimer | Area Vice President – EMEA West
- Jan 17, 2025
- Sean Deuby | Principal Technologist
- Jan 15, 2025
- Eric Woodruff
- Jan 13, 2025
- Huy Kha | Senior Identity & Security Architect
- Dec 19, 2024
- James Doggett | Semperis CISO
- Dec 18, 2024
- Huy Kha | Senior Identity & Security Architect
- Nov 15, 2024
- Edward Amoroso
- Oct 24, 2024
- Edward Amoroso
- Oct 18, 2024
Categories
Active Directory Backup & Recovery
Top Pitfalls of Depending on Manual AD Forest Recovery After a Cyberattack
- Sean Deuby | Principal Technologist
- Jan 15, 2025
Unless you avoid cybersecurity news, you know that Active Directory (AD)—the primary identity system for 90% of organizations worldwide—is now the #1 target for cyberattackers. AD controls authentication and access to applications and services across the organization. Attackers know that if they can disable AD, they can bring the business…
Cohesity and Semperis Provide Unmatched Cyber Resilience for Business-Critical Data
- Nico Devoti | Senior Director, Technology Alliances
- Aug 09, 2024
An organization’s data is one of its most valuable assets—and a prime target for cyberattackers, who prove time and again that their victims will pay large ransom sums to get exfiltrated data back. According to Semperis’ 2024 Ransomware Risk Report, 78% of organizations that were hit by a ransomware attack…
Forrester TEI of Semperis: Organizations Reduce AD Forest Recovery Time by 90% with ADFR
- Sean Deuby | Principal Technologist
Successfully recovering from an attack on Active Directory is a race against the clock. Organizations that have been through this worst-case scenario know that being able to recover your AD is just the start: The time to recover AD is a significant factor in the extent of the damage, a…
Active Directory Security
Your DORA Compliance Checklist for Identity Defence
- Daniel Lattimer | Area Vice President – EMEA West
- Jan 17, 2025
This week, the European Union’s Digital Operational Resilience Act (DORA) goes into effect in an effort to provide a clear roadmap for enhancing cybersecurity across the financial services industry. All financial entities operating in or with the EU—as well as information and communication technology (ICT) providers that support such entities—are…
Why Upgrade to Lighting Intelligence from Purple Knight
- Huy Kha | Senior Identity & Security Architect
- Dec 19, 2024
For organizations of any size, managing hybrid identity security across on-premises and cloud environments can be challenging. Purple Knight has long been trusted to expose risky misconfigurations. Now, Semperis—the identity security experts behind Purple Knight—offer Lightning Intelligence, a SaaS security-posture assessment tool that automates scanning to provide continuous monitoring without…
What You Need to Know about SEC Regulation S-P Requirements and Active Directory
- James Doggett | Semperis CISO
- Dec 18, 2024
CISOs in the financial sector have another new regulatory challenge to contend with. Earlier this year, the U.S. Securities and Exchange Commission (SEC) adopted new cybersecurity incident response and disclosure rules, demanding new approaches to disaster recovery planning. For affected organizations, the new SEC Regulation S-P requirements demand a new…
AD Security 101
How to Defend Against a Password Spraying Attack
- Daniel Petri | Senior Training Manager
Active Directory remains a critical infrastructure component for managing network resources, login credentials, and user authentication. Yet its centrality makes it a prime target for cyberattacks. One such evolving cyberattack is password spraying, a threat that’s gained in complexity in recent years. Password spraying attacks stand out due to their…
How to Defend Against SID History Injection
- Daniel Petri | Senior Training Manager
Security Identifier (SID) History injection is a sophisticated cyberattack vector that targets Windows Active Directory environments. This attack exploits the SID History attribute, which is intended to maintain user access rights during migrations from one domain to another. By injecting malicious SID values into this attribute, an attacker can escalate…
LDAP Injection Attack Defense: AD Security 101
- Daniel Petri | Senior Training Manager
LDAP injection represents a formidable cyberattack vector, targeting the authentication and authorization mechanisms within your Active Directory environment. By exploiting improper input validation, attackers can manipulate LDAP statements and potentially gain unauthorized access to your directory service. Semperis cybersecurity and identity security experts have a deep understanding of LDAP injection,…
Community Tools
Hello, My Name Is Domain Admin
- Mickey Bresman
- Aug 05, 2024
My friends know I’m a movie buff. Being also a mixed martial enthusiast, one of my all-time favorites is Fight Club, based on Chuck Palahniuk’s first novel. The story is about an identity crisis: rebelling against consumerism, trying to find truth and meaning in life, and becoming a “real” person…
Strengthening Cyber Incident Response with Forest Druid
- Huy Kha | Senior Identity & Security Architect
- Aug 01, 2024
Forest Druid is a free cyber attack path discovery tool for hybrid identity environments, such as Active Directory and Entra ID. Unlike traditional tools that map attack paths from the external perimeter inwards, Forest Druid focuses on protecting the most critical assets first. This method prioritizes identifying and securing Tier…
Purple Knight Scoring Improves Understanding of Identity System Security Vulnerabilities
- Ran Harel
Our latest Purple Knight (PK) v4.2 release introduces fundamental changes, particularly concerning the new scoring calculation. Changing from a broader approach that considered all indicators, we’ve now zeroed in on the “failed” indicators, those that highlight genuine security threats in your environment. This shift aims to ensure that the overall…
Directory Modernization
Security-Centric Active Directory Migration and Consolidation
- Michael Masciulli
Enterprise organizations with legacy Active Directory (AD) environments have a security problem. Their AD infrastructure has likely degraded over time and now harbors multiple security vulnerabilities because of inefficient architecture, multiple misconfigurations, and poorly secured legacy applications. Yet Active Directory migration and consolidation, especially involving a sprawling AD infrastructure, is…
Active Directory Migration: 15 Steps to Success
- Daniel Petri | Senior Training Manager
Active Directory (AD) migration projects can be challenging and complex. Such projects involve the migration of users, groups, computers, and applications from one AD domain or forest to another. Careful planning and execution can help your migration team complete a successful AD migration, with minimal disruption to end users and…
Why AD Modernization Is Critical to Your Cybersecurity Program
- Mickey Bresman
Active Directory (AD) is the core identity store for many organizations. As such, AD has also become a major target for bad actors. If attackers gain access to AD, they gain access to any resources in the organization. In a hybrid on-prem/cloud scenario, which is common today, that includes access…
From the Front Lines
Hello, My Name Is Domain Admin
- Mickey Bresman
- Aug 05, 2024
My friends know I’m a movie buff. Being also a mixed martial enthusiast, one of my all-time favorites is Fight Club, based on Chuck Palahniuk’s first novel. The story is about an identity crisis: rebelling against consumerism, trying to find truth and meaning in life, and becoming a “real” person…
New Ransomware Statistics Reveal Increased Need for Active Directory Security and Resilience
- Mickey Bresman
- Jul 31, 2024
By now, we’re all familiar with the need for an “assume breach” mindset where ransomware and other cyber threats are concerned. To better understand the necessity and challenges of this approach, we partnered with international market research firm Censuswide to ask organizations about their experience with ransomware attacks. What we…
LockBit, Law Enforcement, and You
- Mickey Bresman
Another day, another installment in the LockBit saga. The latest development in the never-ending story of cyber-criminal gangs versus law enforcement agencies is nearly worthy of its own TV series. But what does it mean for you—the person who must defend your organization and maintain its ability to operate amidst…
Hybrid Identity Protection
LDAPNightmare Explained
- Eric Woodruff
- Jan 13, 2025
LDAPNightmare, recently published by SafeBreach Labs, is a proof-of-concept exploit of a known Windows Lightweight Directory Access Protocol (LDAP) denial-of-service vulnerability (CVE-2024-49113). What is LDAPNightmare, how dangerous is this exploit, and how can you detect and defend against it? What is LDAPNightmare? The December 2024 Windows update – published by…
Why Upgrade to Lighting Intelligence from Purple Knight
- Huy Kha | Senior Identity & Security Architect
- Dec 19, 2024
For organizations of any size, managing hybrid identity security across on-premises and cloud environments can be challenging. Purple Knight has long been trusted to expose risky misconfigurations. Now, Semperis—the identity security experts behind Purple Knight—offer Lightning Intelligence, a SaaS security-posture assessment tool that automates scanning to provide continuous monitoring without…
Password Spraying Detection in Active Directory
- Huy Kha | Senior Identity & Security Architect
- Sep 18, 2024
Password spraying detection is a vital ability for all organizations. In a password spraying attack, the attacker attempts to gain unauthorized access by trying a few common or weak passwords across many accounts rather than targeting a single account with many passwords. The idea is to test several passwords, hoping…
Identity Attack Catalog
LDAPNightmare Explained
- Eric Woodruff
- Jan 13, 2025
LDAPNightmare, recently published by SafeBreach Labs, is a proof-of-concept exploit of a known Windows Lightweight Directory Access Protocol (LDAP) denial-of-service vulnerability (CVE-2024-49113). What is LDAPNightmare, how dangerous is this exploit, and how can you detect and defend against it? What is LDAPNightmare? The December 2024 Windows update – published by…
Zerologon Exploit Explained
- Huy Kha | Senior Identity & Security Architect
- Nov 15, 2024
In a Zerologon exploit, an attacker with access to a network takes advantage of a critical flaw in the Netlogon Remote Protocol (MS-NRPC) to impersonate any computer, including a domain controller (DC). This flaw is known as Zerologon—a vulnerability that can give attackers full control over a domain. What is…
Kerberoasting Explained
- Huy Kha | Senior Identity & Security Architect
- Oct 11, 2024
A recent report from the cybersecurity agencies in the Five Eyes alliance, including CISA and the NSA, urges organizations to strengthen the security of their Microsoft Active Directory (AD) deployments—a prime target for cyber attackers. The report describes dozens of attack techniques that attackers use to breach AD, including Kerberoasting.…
Identity Threat Detection & Response
Your DORA Compliance Checklist for Identity Defence
- Daniel Lattimer | Area Vice President – EMEA West
- Jan 17, 2025
This week, the European Union’s Digital Operational Resilience Act (DORA) goes into effect in an effort to provide a clear roadmap for enhancing cybersecurity across the financial services industry. All financial entities operating in or with the EU—as well as information and communication technology (ICT) providers that support such entities—are…
Zerologon Exploit Explained
- Huy Kha | Senior Identity & Security Architect
- Nov 15, 2024
In a Zerologon exploit, an attacker with access to a network takes advantage of a critical flaw in the Netlogon Remote Protocol (MS-NRPC) to impersonate any computer, including a domain controller (DC). This flaw is known as Zerologon—a vulnerability that can give attackers full control over a domain. What is…
Password Spraying Detection in Active Directory
- Huy Kha | Senior Identity & Security Architect
- Sep 18, 2024
Password spraying detection is a vital ability for all organizations. In a password spraying attack, the attacker attempts to gain unauthorized access by trying a few common or weak passwords across many accounts rather than targeting a single account with many passwords. The idea is to test several passwords, hoping…
Our Mission: Be a Force for Good
Duns 100 Ranks Semperis in Top 15 to Work For
- Yarden Gur
This month marked two milestones for Semperis. First, Deloitte recognized the company as one of the 100 fastest growing technology companies in North America and (for the third consecutive year) one of the top 10 fastest-growing tech companies in the greater New York area. Then, the company was listed for…
What It Means to be a Mission-Driven Company
- Mickey Bresman
On behalf of the entire team, I’m excited to share that Semperis has been named to Inc.’s 2022 list of Best Workplaces. This annual list honors workplaces that are ranked highly by their employees on topics like benefits, trust in senior leadership, change management, and career development. I could not…
Hybrid Identity Protection: IDPro Founder Ian Glazer
- Sean Deuby | Principal Technologist
You won’t want to miss the newest episode of the Hybrid Identity Podcast (HIP)! In this session, I have the pleasure of talking with IDPro founder and Salesforce Senior VP of Identity Product Management Ian Glazer. What’s new at IDPro? IDPro has become the organization for identity pros looking for…
Purple Knight
Purple Knight Scoring Improves Understanding of Identity System Security Vulnerabilities
- Ran Harel
Our latest Purple Knight (PK) v4.2 release introduces fundamental changes, particularly concerning the new scoring calculation. Changing from a broader approach that considered all indicators, we’ve now zeroed in on the “failed” indicators, those that highlight genuine security threats in your environment. This shift aims to ensure that the overall…
Semperis Offers New Protection Against Okta Breaches
- Semperis Research Team
In an ever-evolving digital landscape, organizations rely on robust identity protection solutions to safeguard sensitive data and maintain secure operations. For most enterprise businesses, that means protecting Active Directory and Entra ID (formerly Azure AD). But identity protection is just as vital for organizations that use Okta, a cloud-based identity…
How to Prevent a Man-in-the-Middle Attack: AD Security 101
- Daniel Petri | Senior Training Manager
A man-in-the-middle attack, also known as an MitM attack, is a form of eavesdropping in an attempt to steal sensitive data, such as user credentials. These attacks can pose a serious threat to organizations’ network security, particularly in environments that use Microsoft Active Directory (AD) for identity management. As Active…
The CISO’s Perspective
Hello, My Name Is Domain Admin
- Mickey Bresman
- Aug 05, 2024
My friends know I’m a movie buff. Being also a mixed martial enthusiast, one of my all-time favorites is Fight Club, based on Chuck Palahniuk’s first novel. The story is about an identity crisis: rebelling against consumerism, trying to find truth and meaning in life, and becoming a “real” person…
New Ransomware Statistics Reveal Increased Need for Active Directory Security and Resilience
- Mickey Bresman
- Jul 31, 2024
By now, we’re all familiar with the need for an “assume breach” mindset where ransomware and other cyber threats are concerned. To better understand the necessity and challenges of this approach, we partnered with international market research firm Censuswide to ask organizations about their experience with ransomware attacks. What we…
DORA Compliance and ITDR
- Daniel Lattimer | Area Vice President – EMEA West
Organisations in the financial services sector in the European Union (EU) have less than a year to demonstrate Digital Operational Resilience Act (DORA) compliance. What is DORA, does it apply to your organisation, and how does DORA compliance intersect with one of today’s major cybersecurity concerns: identity threat detection and…
Threat Research
LDAPNightmare Explained
- Eric Woodruff
- Jan 13, 2025
LDAPNightmare, recently published by SafeBreach Labs, is a proof-of-concept exploit of a known Windows Lightweight Directory Access Protocol (LDAP) denial-of-service vulnerability (CVE-2024-49113). What is LDAPNightmare, how dangerous is this exploit, and how can you detect and defend against it? What is LDAPNightmare? The December 2024 Windows update – published by…
A New App Consent Attack: Hidden Consent Grant
- Adi Malyanker | Security Researcher
- Aug 13, 2024
Key findings Within Microsoft Azure, the Directory.ReadWrite.All permission holds significant implications. This permission enables a multitude of actions, including user editing and access to all data within the directory. Sound risky? Some have argued that when employed in isolation, the permission poses no inherent risk. However, my research indicates that…
UnOAuthorized: Privilege Elevation Through Microsoft Applications
- Eric Woodruff
- Aug 07, 2024
This article details a series of Semperis security research team discoveries that resulted in the ability to perform actions in Entra ID beyond expected authorization controls, based on analysis of the OAuth 2.0 scope (permissions). Our most concerning discovery involved the ability to add and remove users from privileged roles,…
Uncategorized
AD Security 101: Lock Down Risky User Rights
- Daniel Petri | Senior Training Manager
In Active Directory (AD) environments, you can use Group Policy Objects (GPOs) to configure user rights. By using GPOs, you can easily enforce consistent user rights policies across all computers in the domain or organizational unit (OU). This capability makes it easier to manage and maintain user access control over…
AD security resources
Stay informed. Get the latest news and resources on identity threat detection and response (ITDR), hybrid Active Directory (AD) security, and cyber resilience, brought to you by Semperis experts.
Experience a personalized demo
Request a demo and one of our product experts will give you a spin of our solutions.
