Active Directory Security

New Azure AD Security Indicators Help Protect Hybrid Identity Environments

  • Itay Nachum

Hybrid computing environments will be the norm for the foreseeable future: According to a 2021 Gartner report, only 3% of mid-sized and large organizations will migrate completely from on-premises Active Directory (AD) to a cloud-based identity service by 2025. But IT leaders managing hybrid environments face an increasingly complex challenge:…

Identity Attack Watch: March 2022

  • Semperis Research Team

Cyberattacks targeting Active Directory (AD) are on the upswing, putting pressure on AD, identity, and security teams to monitor the constantly shifting AD-focused threat landscape. To help IT pros better understand and guard against attacks involving AD, the Semperis Research Team offers this monthly roundup of recent cyberattacks that used…

Hiding in Plain Sight — Discovering Hidden Active Directory Objects

  • Darren Mar-Elia | VP of Products

Note: Updated March 30, 2022. At a past Hybrid Identity Protection Conference, several of us spoke about the ongoing use of Active Directory as a subject of interest in malware attacks. Whether it’s mining AD for information about privileged access, compromising user accounts that lead to increasing levels of privilege…

Securing Active Directory Is First Step in Aligning with New UK Financial Conduct Authority Guidelines

  • Dan Bowdrey

In 2019, the Financial Conduct Authority (FCA) proposed changes to how institutions within the UK financial sector ensure operational resilience, particularly against the threat of cyberattacks. The FCA will start enforcing the guidance on March 31, 2022. All organizations regulated by the FCA will face audits to prove their compliance…

gMSA Active Directory Attacks

  • Yuval Gordon

This article introduces a new attack targeting Group Managed Service Accounts (gMSA), dubbed the "Golden GMSA" attack, allowing attackers to dump Key Distribution Service (KDS) root key attributes and then generate the password for all the associated gMSAs offline. TL;DR: An attacker with high privileges can obtain all the ingredients…

Defending Hybrid Identity Environments Against Cyberattacks

  • Edward Amoroso

As the world continues to embrace digital transformation and distributed work, businesses will continue to deploy SaaS apps—while continuing to use on-premises tools. Hybrid ecosystems are becoming increasingly common as a result. Unfortunately, current identity and access management (IAM) practices simply aren’t up to the task of managing them. The…

Identity Attack Watch: February 2022

  • Semperis Research Team

Cyberattacks targeting Active Directory are on the upswing, putting pressure on AD, identity, and security teams to monitor the constantly shifting AD-focused threat landscape. To help IT pros better understand and guard against attacks involving AD, the Semperis Research Team offers this monthly roundup of recent cyberattacks that used AD…

SPN-jacking: An Edge Case in WriteSPN Abuse

  • Elad Shamir

Some people are a hammer in search of a nail, but I'm a hammer in search of Kerberos delegation. So, when I heard that a WriteSPN edge was introduced to BloodHound 4.1, I started exploring alternative abuse techniques beyond targeted Kerberoasting, and I found an edge case (pun intended) that…