Active Directory Security

Identity Attack Watch: October 2022

  • Semperis Research Team

Cyberattacks targeting Active Directory are on the upswing, putting pressure on AD, identity, and security teams to monitor the constantly shifting AD-focused threat landscape. To help IT pros better understand and guard against attacks involving AD, the Semperis Research Team offers this monthly roundup of recent cyberattacks that used AD…

Active Directory Forest Recovery Introduces New OS Provisioning Tool

  • Omri Rubinstien

Even after more than 20 years of service, Active Directory (AD) remains one of the most critical components of the typical enterprise’s IT infrastructure. AD security is easy for users to take for granted when it is working. However, in the event of an attack, its criticality to business operations…

SYSVOL: Preventing a Horror Story

  • Tammy Mindel

October is Cybersecurity Awareness Month, and an excellent time to bust the ghosts of configurations past. One of the actions that the Cybersecurity & Infrastructure Security Agency (CISA) and National Cybersecurity Alliance (NCA) recommend taking is “Update your software.” A perfect place to start: Rid your domains of the outdated…

Why DC Snapshots Are No Substitute for Active Directory Backups

  • Sean Deuby | Principal Technologist

Most organizations have virtualized some or all of their AD domain controllers (DCs). Virtualized DCs have their advantages, but they also introduce risks that didn’t exist with physical servers. One of these risks is the temptation to use hypervisor snapshots (point-in-time VM images) for AD backups. Don’t. Let’s be clear: Even though Microsoft has supported hypervisor snapshot restores since Windows Server 2012 (i.e., they won’t break AD as they could in…

Missouri School District Finds and Fixes Active Directory Security Gaps

  • Semperis Team

“As a K–12 environment, our Active Directory [AD] deployment is a bit unique compared to how a standard business network would look,” says John Hallenberger, systems administrator and project leader for the Fox C-6 school district. “Users are added and removed pretty much daily. Things like complex password enforcement and…

The Growing Threat of Ransomware as a Service

  • Sean Deuby | Principal Technologist

Ransomware attacks have reportedly declined this year. But don’t start celebrating just yet. “Gang models are evolving,” notes my colleague, Alexandra (Alix) Weaver, Semperis Solutions Architect. “I caution everyone: Do not let your guard down.” Part of the changing trend, Alix says, might be attributed to an increase in the…

Identity Attack Watch: September 2022

  • Semperis Research Team

Cyberattacks targeting Active Directory are on the upswing, putting pressure on AD, identity, and security teams to monitor the constantly shifting AD-focused threat landscape. To help IT pros better understand and guard against attacks involving AD, the Semperis Research Team offers this monthly roundup of recent cyberattacks that used AD…

New Attack Paths? AS Requested Service Tickets

  • Charlie Clark

While helping Andrew Schwartz with his Kerberos FAST post (which has more information about what FAST is and how it works, so have a read), I noticed something interesting. AS-REQs for machine accounts are unarmored. Kerberos armoring is described by Microsoft: Kerberos armoring uses a ticket-granting ticket (TGT) for the…