Active Directory Security

How to Defend Against a Pass the Ticket Attack: AD Security 101

How to Defend Against a Pass the Ticket Attack: AD Security 101

  • Daniel Petri | Senior Training Manager

Any organization that relies on Kerberos authentication—the primary authentication method in Active Directory environments—is potentially vulnerable to a Pass the Ticket attack. Organizations that do not regularly patch their systems, monitor and secure Active Directory, and follow robust security measures for credential and ticket protection are at a higher risk.…

NSA Top Ten Cybersecurity Misconfigurations: An Active Directory Perspective

NSA Top Ten Cybersecurity Misconfigurations: An Active Directory Perspective

  • Daniel Petri | Senior Training Manager

Late last year, the United States National Security Agency's (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) released a list of the most common vulnerabilities in large computer networks. This list of CISA and NSA top ten cybersecurity misconfigurations reveals systemic weaknesses, particularly in (though not limited to) Microsoft Windows…

Top 3 Identity-Based Attack Trends to Watch in 2024

Top 3 Identity-Based Attack Trends to Watch in 2024

  • Semperis

Each year, the total number of cyberattacks and cost of ransomware-related damage increases globally. Microsoft recently reported that attempted password attacks have soared “from around 3 billion per month to over 30 billion.” Clearly, a proactive approach to mitigating identity-based attacks is a good New Year’s resolution. To help you…

Identity Attack Watch: AD Security News, December 2023

Identity Attack Watch: AD Security News, December 2023

  • Semperis Research Team

As cyberattacks targeting Active Directory continue to rise, AD security, identity, and IT teams face mounting pressure to monitor the evolving AD-focused threat landscape. To assist IT professionals in comprehending and preventing attacks that involve AD, the Semperis Research Team publishes a monthly roundup of recent cyberattacks. In this month’s…

Holiday Cybersecurity Tips

Holiday Cybersecurity Tips

  • Sean Deuby | Principal Technologist

The holidays are a busy time for shoppers, retail businesses—and cybercriminals. The Cybersecurity and Infrastructure Security Agency (CISA) has previously noted “an increase in highly impactful ransomware attacks occurring on holidays and weekends—when offices are normally closed” and has called holiday shopping seasons “a prime opportunity for bad actors to…

Identity Attack Watch: AD Security News, November 2023

Identity Attack Watch: AD Security News, November 2023

  • Semperis Research Team

As cyberattacks targeting Active Directory continue to rise, AD security, identity, and IT teams face mounting pressure to monitor the evolving AD-focused threat landscape. To assist IT professionals in comprehending and preventing attacks that involve AD, the Semperis Research Team publishes a monthly roundup of recent cyberattacks. In this month’s…

Identity Attack Watch: AD Security News, October 2023

Identity Attack Watch: AD Security News, October 2023

  • Semperis Research Team

As cyberattacks targeting Active Directory continue to rise, AD security, identity, and IT teams face mounting pressure to monitor the evolving AD-focused threat landscape. To assist IT professionals in comprehending and preventing attacks that involve AD, the Semperis Research Team publishes a monthly roundup of recent cyberattacks. In this month’s…

Active Directory Security Best Practices

Active Directory Security Best Practices

  • Sean Deuby | Principal Technologist

Within your IT infrastructure, Active Directory (AD) is the central hub for controlling access to resources and keeping your business operational. However, Active Directory’s importance to your organization puts it in the crosshairs of threat actors. If Active Directory is successfully breached, attackers can get their hands on privileged credentials…