Active Directory Security Blog posts from AD security experts

Hospital Cyberattacks Highlight Importance of Active Directory Security

Michael Choo
Mar 24, 2025

Two back-to-back incidents—part of a global increase in cyberattacks on healthcare organizations—followed common pathways to exploit AD security vulnerabilities.

Introduction to Identity Forensics & Incident Response (IFIR)

Huy Kha | Senior Identity & Security Architect
Mar 21, 2025

From my experience at Microsoft Detection and Response Team (DART), I know that ransomware operators almost always target high-privileged identities. Once attackers gain control, they use those identities to spread ransomware; for example, through Group Policy or PsExec. Ransomware attacks are usually loud and destructive, aiming to cause maximum impact…

Leveraging NIST CSF for Public Sector Cybersecurity

Edward Amoroso
Mar 18, 2025

[Editor’s note: This article is a guest post by TAG CEO and founder Ed Amoroso.] Cybersecurity practitioners working for federal agencies in the United States know that they must learn to decode various acronyms such as FedRAMP, FISMA, RMF, and on and on. They must do so because the standards…

LDAP Reconnaissance Explained

Huy Kha | Senior Identity & Security Architect
Mar 06, 2025

Lightweight Directory Access Protocol (LDAP) reconnaissance is an approach that enables attackers to discover valuable details about an organization, such as user accounts, groups, computers, and privileges. Learn how to detect LDAP reconnaissance and how cyberattackers can use this method as part of an attempt to compromise your environment. What…

Effective GPO Change Auditing with Directory Services Protector

Huy Kha | Senior Identity & Security Architect
Mar 01, 2025

Tracking Group Policy changes can be tricky, especially in large environments with numerous Group Policy Objects (GPOs) linked to different organizational units (OUs). Yet GPO change auditing is a vital part of effective cybersecurity. Without proper visibility, critical changes—whether due to accidental misconfigurations or malicious activity—can easily slip under the…

Group Policy Abuse Explained

Huy Kha | Senior Identity & Security Architect
Feb 27, 2025

Group Policy is a key configuration and access management feature in the Windows ecosystem. The breadth and level of control embodied in Group Policy Objects (GPOs) within Active Directory make Group Policy abuse a popular method for attackers who want to establish or strengthen a foothold in your environment. Here's…

Password Spraying Explained

Huy Kha | Senior Identity & Security Architect
Feb 22, 2025

Password spraying is a top cyber threat, named in the recent report from the cybersecurity agencies in the Five Eyes alliance. What is password spraying, how have cyberattackers used it in the past, and how can you detect and defend your hybrid Active Directory environment against password spraying attacks? What…

Golden Ticket Attack Explained

Huy Kha | Senior Identity & Security Architect
Feb 02, 2025

A Golden Ticket attack occurs when an attacker forges a Kerberos Ticket Granting Ticket (TGT) to gain full control over an Active Directory environment. By compromising the KRBTGT account, which signs all Kerberos tickets, the attacker can create fake tickets for any user and gain access to any resource within…

New Forrester TEI Report: Semperis Slashes Downtime by 90%, Saving Customers Millions

Semperis Extends ML-Based Attack Detection with Specialized Identity Risk Focus

Semperis Wins CRN’s Prestigious Partner Program Guide Three Consecutive Years

Semperis Ransomware Study Reveals 86% of Ransomware Victims Targeted on a Weekend or Holiday

Semperis Named to Inc. Magazine’s Annual List of Best Workplaces for Third Consecutive Year

Active Directory Security

Categories

Featured Articles

Chat with an expert

Download Purple Knight