Hybrid Identity Protection
Categories
- Active Directory Backup & Recovery (62)
- Active Directory Security (213)
- AD Security 101 (17)
- Community Tools (19)
- Directory Modernization (9)
- From the Front Lines (69)
- Hybrid Identity Protection (67)
- Identity Attack Catalog (26)
- Identity Threat Detection & Response (142)
- Our Mission: Be a Force for Good (14)
- Purple Knight (5)
- Semperis University (1)
- The CISO's Perspective (16)
- Threat Research (68)
Introduction to Identity Forensics & Incident Response (IFIR)
- Huy Kha | Senior Identity & Security Architect
- Mar 21, 2025
From my experience at Microsoft Detection and Response Team (DART), I know that ransomware operators almost always target high-privileged identities. Once attackers gain control, they use those identities to spread ransomware; for example, through Group Policy or PsExec. Ransomware attacks are usually loud and destructive, aiming to cause maximum impact…
LDAP Reconnaissance Explained
- Huy Kha | Senior Identity & Security Architect
- Mar 06, 2025
Lightweight Directory Access Protocol (LDAP) reconnaissance is an approach that enables attackers to discover valuable details about an organization, such as user accounts, groups, computers, and privileges. Learn how to detect LDAP reconnaissance and how cyberattackers can use this method as part of an attempt to compromise your environment. What…
Group Policy Abuse Explained
- Huy Kha | Senior Identity & Security Architect
- Feb 27, 2025
Group Policy is a key configuration and access management feature in the Windows ecosystem. The breadth and level of control embodied in Group Policy Objects (GPOs) within Active Directory make Group Policy abuse a popular method for attackers who want to establish or strengthen a foothold in your environment. Here's…
AS-REP Roasting Explained
- Huy Kha | Senior Identity & Security Architect
- Jan 25, 2025
Authentication Server Response (AS-REP) Roasting enables attackers to request encrypted authentication responses for accounts in Active Directory that have Kerberos pre-authentication disabled. AS-REP Roasting is one of the Active Directory threats that cybersecurity agencies in the Five Eyes alliance warn about in the recent report, Detecting and Mitigating Active Directory…
LDAPNightmare Explained
- Eric Woodruff
- Jan 13, 2025
LDAPNightmare, recently published by SafeBreach Labs, is a proof-of-concept exploit of a known Windows Lightweight Directory Access Protocol (LDAP) denial-of-service vulnerability (CVE-2024-49113). What is LDAPNightmare, how dangerous is this exploit, and how can you detect and defend against it? What is LDAPNightmare? The December 2024 Windows update - published by…
Why Upgrade to Lighting Intelligence from Purple Knight
- Huy Kha | Senior Identity & Security Architect
- Dec 19, 2024
For organizations of any size, managing hybrid identity security across on-premises and cloud environments can be challenging. Purple Knight has long been trusted to expose risky misconfigurations. Now, Semperis—the identity security experts behind Purple Knight—offer Lightning Intelligence, a SaaS security-posture assessment tool that automates scanning to provide continuous monitoring without…
Password Spraying Detection in Active Directory
- Huy Kha | Senior Identity & Security Architect
Password spraying detection is a vital ability for all organizations. In a password spraying attack, the attacker attempts to gain unauthorized access by trying a few common or weak passwords across many accounts rather than targeting a single account with many passwords. The idea is to test several passwords, hoping…
Semperis DSP: Enhance AD and Entra ID Protection from Cyber Threats
- Eitan Bloch | Semperis Product Manager
The SolarWinds breach in December 2020 signified a shift in the attack path for threat actors. Cyber threats increasingly target organizations' cloud environments, typically Microsoft Entra ID (formerly Azure AD), then move to on-premises Active Directory (AD)—or vice versa. This begs the question: How secure is your hybrid identity environment…
