An organization’s data is one of its most valuable assets—and a prime target for cyberattackers, who prove time and again that their victims will pay large ransom sums to get exfiltrated data back. According to Semperis’ 2024 Ransomware Risk Report, 78% of organizations that were hit by a ransomware attack…
Successfully recovering from an attack on Active Directory is a race against the clock. Organizations that have been through this worst-case scenario know that being able to recover your AD is just the start: The time to recover AD is a significant factor in the extent of the damage, a…
Maintaining business continuity during and after a cyberattack has become a chief strategic objective, not just for enterprise cybersecurity, but for IT and business leadership as well. Effective Identity Threat Detection & Response (ITDR), including a documented Active Directory backup and recovery plan, is crucial to strong operational resilience. Identity…
Password spraying detection is a vital ability for all organizations. In a password spraying attack, the attacker attempts to gain unauthorized access by trying a few common or weak passwords across many accounts rather than targeting a single account with many passwords. The idea is to test several passwords, hoping…
The Digital Operational Resilience Act (DORA) is an incoming European Union (EU) legislative framework aimed at fortifying the operational resilience of digital systems within the financial sector. All finance entities that operate in or with the EU need to achieve DORA compliance by early 2025, as do information and communication…
An organization’s data is one of its most valuable assets—and a prime target for cyberattackers, who prove time and again that their victims will pay large ransom sums to get exfiltrated data back. According to Semperis’ 2024 Ransomware Risk Report, 78% of organizations that were hit by a ransomware attack…
In the ever-evolving and complex cybersecurity landscape, Active Directory remains a critical infrastructure component for managing network resources and user authentication. However, its centrality also makes it a prime target for attackers. Among these, the password-spraying attacks stand out due to their stealthy nature and potentially high impact. This article…
Security Identifier (SID) History injection is a sophisticated cyberattack vector that targets Windows Active Directory environments. This attack exploits the SID History attribute, which is intended to maintain user access rights during migrations from one domain to another. By injecting malicious SID values into this attribute, an attacker can escalate…
LDAP injection represents a formidable cyberattack vector, targeting the authentication and authorization mechanisms within your Active Directory environment. By exploiting improper input validation, attackers can manipulate LDAP statements and potentially gain unauthorized access to your directory service. Semperis cybersecurity and identity security experts have a deep understanding of LDAP injection,…
My friends know I’m a movie buff. Being also a mixed martial enthusiast, one of my all-time favorites is Fight Club, based on Chuck Palahniuk’s first novel. The story is about an identity crisis: rebelling against consumerism, trying to find truth and meaning in life, and becoming a “real” person…
Forest Druid is a free attack path discovery tool for hybrid identity environments, such as Active Directory and Entra ID. Unlike traditional tools that map attack paths from the external perimeter inwards, Forest Druid focuses on protecting the most critical assets first. This method prioritizes identifying and securing Tier 0…
Our latest Purple Knight (PK) v4.2 release introduces fundamental changes, particularly concerning the new scoring calculation. Changing from a broader approach that considered all indicators, we’ve now zeroed in on the “failed” indicators, those that highlight genuine security threats in your environment. This shift aims to ensure that the overall…
Enterprise organizations with legacy Active Directory (AD) environments have a security problem. Their AD infrastructure has likely degraded over time and now harbors multiple security vulnerabilities because of inefficient architecture, multiple misconfigurations, and poorly secured legacy applications. Yet Active Directory migration and consolidation, especially involving a sprawling AD infrastructure, is…
Active Directory (AD) migration projects can be challenging and complex. Such projects involve the migration of users, groups, computers, and applications from one AD domain or forest to another. Careful planning and execution can help your migration team complete a successful AD migration, with minimal disruption to end users and…
Active Directory (AD) is the core identity store for many organizations. As such, AD has also become a major target for bad actors. If attackers gain access to AD, they gain access to any resources in the organization. In a hybrid on-prem/cloud scenario, which is common today, that includes access…
My friends know I’m a movie buff. Being also a mixed martial enthusiast, one of my all-time favorites is Fight Club, based on Chuck Palahniuk’s first novel. The story is about an identity crisis: rebelling against consumerism, trying to find truth and meaning in life, and becoming a “real” person…
By now, we’re all familiar with the need for an “assume breach” mindset where ransomware and other cyber threats are concerned. To better understand the necessity and challenges of this approach, we partnered with international market research firm Censuswide to ask organizations about their experience with ransomware attacks. What we…
Another day, another installment in the LockBit saga. The latest development in the never-ending story of cyber-criminal gangs versus law enforcement agencies is nearly worthy of its own TV series. But what does it mean for you—the person who must defend your organization and maintain its ability to operate amidst…
Password spraying detection is a vital ability for all organizations. In a password spraying attack, the attacker attempts to gain unauthorized access by trying a few common or weak passwords across many accounts rather than targeting a single account with many passwords. The idea is to test several passwords, hoping…
The SolarWinds breach in December 2020 signified a shift in the attack path for threat actors. Cyber threats increasingly target organizations’ cloud environments, typically Microsoft Entra ID (formerly Azure AD), then move to on-premises Active Directory (AD)—or vice versa. This begs the question: How secure is your hybrid identity environment…
Key findings Golden SAML is a known attack technique discovered by CyberArk and published by Shaked Reiner. For years, Golden SAML has been known for its extraction of signing certificates from Active Directory Federation Services (AD FS) and its use of those certificates to forge SAML authentication responses. Today, we…
Key findings Within Microsoft Azure, the Directory.ReadWrite.All permission holds significant implications. This permission enables a multitude of actions, including user editing and access to all data within the directory. Sound risky? Some have argued that when employed in isolation, the permission poses no inherent risk. However, my research indicates that…
This article details a series of Semperis security research team discoveries that resulted in the ability to perform actions in Entra ID beyond expected authorization controls, based on analysis of the OAuth 2.0 scope (permissions). Our most concerning discovery involved the ability to add and remove users from privileged roles,…
Service Principal Name (SPN) scanning is a reconnaissance technique that attackers use in Active Directory environments. This method enables attackers to discover valuable services and associated accounts, which can be potential targets for further attacks such as Kerberoasting. Related reading: Protect Active Directory against Kerberoasting What is SPN scanning? Understanding…
Password spraying detection is a vital ability for all organizations. In a password spraying attack, the attacker attempts to gain unauthorized access by trying a few common or weak passwords across many accounts rather than targeting a single account with many passwords. The idea is to test several passwords, hoping…
The Digital Operational Resilience Act (DORA) is an incoming European Union (EU) legislative framework aimed at fortifying the operational resilience of digital systems within the financial sector. All finance entities that operate in or with the EU need to achieve DORA compliance by early 2025, as do information and communication…
Key findings Within Microsoft Azure, the Directory.ReadWrite.All permission holds significant implications. This permission enables a multitude of actions, including user editing and access to all data within the directory. Sound risky? Some have argued that when employed in isolation, the permission poses no inherent risk. However, my research indicates that…
This month marked two milestones for Semperis. First, Deloitte recognized the company as one of the 100 fastest growing technology companies in North America and (for the third consecutive year) one of the top 10 fastest-growing tech companies in the greater New York area. Then, the company was listed for…
On behalf of the entire team, I’m excited to share that Semperis has been named to Inc.’s 2022 list of Best Workplaces. This annual list honors workplaces that are ranked highly by their employees on topics like benefits, trust in senior leadership, change management, and career development. I could not…
You won’t want to miss the newest episode of the Hybrid Identity Podcast (HIP)! In this session, I have the pleasure of talking with IDPro founder and Salesforce Senior VP of Identity Product Management Ian Glazer. What’s new at IDPro? IDPro has become the organization for identity pros looking for…
Our latest Purple Knight (PK) v4.2 release introduces fundamental changes, particularly concerning the new scoring calculation. Changing from a broader approach that considered all indicators, we’ve now zeroed in on the “failed” indicators, those that highlight genuine security threats in your environment. This shift aims to ensure that the overall…
In an ever-evolving digital landscape, organizations rely on robust identity protection solutions to safeguard sensitive data and maintain secure operations. For most enterprise businesses, that means protecting Active Directory and Entra ID (formerly Azure AD). But identity protection is just as vital for organizations that use Okta, a cloud-based identity…
A man-in-the-middle attack, also known as an MitM attack, is a form of eavesdropping in an attempt to steal sensitive data, such as user credentials. These attacks can pose a serious threat to organizations’ network security, particularly in environments that use Microsoft Active Directory (AD) for identity management. As Active…
My friends know I’m a movie buff. Being also a mixed martial enthusiast, one of my all-time favorites is Fight Club, based on Chuck Palahniuk’s first novel. The story is about an identity crisis: rebelling against consumerism, trying to find truth and meaning in life, and becoming a “real” person…
By now, we’re all familiar with the need for an “assume breach” mindset where ransomware and other cyber threats are concerned. To better understand the necessity and challenges of this approach, we partnered with international market research firm Censuswide to ask organizations about their experience with ransomware attacks. What we…
Organisations in the financial services sector have less than a year to demonstrate DORA compliance. What is DORA, does it apply to your organisation, and how does DORA compliance intersect with one of today’s major cybersecurity concerns: identity threat detection and response (ITDR)? Semperis experts answer these questions for you….
Key findings Within Microsoft Azure, the Directory.ReadWrite.All permission holds significant implications. This permission enables a multitude of actions, including user editing and access to all data within the directory. Sound risky? Some have argued that when employed in isolation, the permission poses no inherent risk. However, my research indicates that…
This article details a series of Semperis security research team discoveries that resulted in the ability to perform actions in Entra ID beyond expected authorization controls, based on analysis of the OAuth 2.0 scope (permissions). Our most concerning discovery involved the ability to add and remove users from privileged roles,…
By now, we’re all familiar with the need for an “assume breach” mindset where ransomware and other cyber threats are concerned. To better understand the necessity and challenges of this approach, we partnered with international market research firm Censuswide to ask organizations about their experience with ransomware attacks. What we…
In Active Directory (AD) environments, you can use Group Policy Objects (GPOs) to configure user rights. By using GPOs, you can easily enforce consistent user rights policies across all computers in the domain or organizational unit (OU). This capability makes it easier to manage and maintain user access control over…
Stay informed. Get the latest news and resources on identity threat detection and response (ITDR), hybrid Active Directory (AD) security, and cyber resilience, brought to you by Semperis experts.