Registration for #HIPCONF25 is open!

Back to blogs listing

Identity Attack Catalog

Categories

Chat with an expert

Modernize your AD

Request Demo

Download Purple Knight

Free Active Directory Security Assessment

Read more
Pass the Hash Attack Explained

Pass the Hash Attack Explained

  • Huy Kha | Senior Identity & Security Architect
  • Apr 09, 2025

Cyber attackers can choose from numerous credential compromise methods to gain access to Active Directory. The Pass the Hash attack is one that is stealthy and efficient.

NTDS.DIT Extraction Explained

NTDS.DIT Extraction Explained

  • Huy Kha | Senior Identity & Security Architect
  • Apr 06, 2025

The Five Eyes report on Active Directory compromise lists NTDS.DIT extraction as a top attack tactic. With access to this file, attackers might be able to extract passwords hashes, which they can lead to a complete compromise of Active Directory. Learn more about NTDS.DIT extraction, how to detect it, and…

Microsoft Entra Connect Compromise Explained

Microsoft Entra Connect Compromise Explained

  • Huy Kha | Senior Identity & Security Architect
  • Mar 28, 2025

In hybrid identity environments, attackers that manage to breach either the on-premises Active Directory or cloud-based Entra ID typically attempt to expand their reach throughout your identity environment. If your identity infrastructure includes Entra ID, make sure you understand how to detect and defend against Entra Connect compromise. What is…

LDAP Reconnaissance Explained

LDAP Reconnaissance Explained

  • Huy Kha | Senior Identity & Security Architect
  • Mar 06, 2025

Lightweight Directory Access Protocol (LDAP) reconnaissance is an approach that enables attackers to discover valuable details about an organization, such as user accounts, groups, computers, and privileges. Learn how to detect LDAP reconnaissance and how cyberattackers can use this method as part of an attempt to compromise your environment. What…

Group Policy Abuse Explained

Group Policy Abuse Explained

  • Huy Kha | Senior Identity & Security Architect
  • Feb 27, 2025

Group Policy is a key configuration and access management feature in the Windows ecosystem. The breadth and level of control embodied in Group Policy Objects (GPOs) within Active Directory make Group Policy abuse a popular method for attackers who want to establish or strengthen a foothold in your environment. Here's…

Password Spraying Explained

Password Spraying Explained

  • Huy Kha | Senior Identity & Security Architect
  • Feb 22, 2025

Password spraying is a top cyber threat, named in the recent report from the cybersecurity agencies in the Five Eyes alliance. What is password spraying, how have cyberattackers used it in the past, and how can you detect and defend your hybrid Active Directory environment against password spraying attacks? What…

Golden Ticket Attack Explained

Golden Ticket Attack Explained

  • Huy Kha | Senior Identity & Security Architect
  • Feb 02, 2025

A Golden Ticket attack occurs when an attacker forges a Kerberos Ticket Granting Ticket (TGT) to gain full control over an Active Directory environment. By compromising the KRBTGT account, which signs all Kerberos tickets, the attacker can create fake tickets for any user and gain access to any resource within…

How to Defend Against Silver Ticket Attacks

How to Defend Against Silver Ticket Attacks

  • Daniel Petri | Senior Training Manager
  • Feb 02, 2025

In the complex world of cybersecurity, Golden Ticket and Silver Ticket attacks stand out as two crafty methods targeting the Kerberos authentication system. Although both attacks exploit the same system, their approaches, objectives, and implications differ. Here’s what you need to know about Silver Ticket attacks, including how they differ…