Identity Threat Detection & Response

Identity Attack Watch: November 2022

  • Semperis Research Team

Cyberattacks targeting Active Directory are on the upswing, putting pressure on AD, identity, and security teams to monitor the constantly shifting AD-focused threat landscape. To help IT pros better understand and guard against attacks involving AD, the Semperis Research Team offers this monthly roundup of recent cyberattacks that used AD…

SyncJacking: Hard Matching Vulnerability Enables Entra ID Account Takeover

  • Tomer Nahum

This post describes an abuse of hard matching synchronization in Entra Connect that can lead to Entra ID account takeover. These findings build on the research that Semperis published in August, which described abuse of soft matching (also known as SMTP matching). This SyncJacking vulnerability means that an attacker with…

Construction Firm Strengthens its ITDR Foundation with Purple Knight

  • Semperis Team

Between remote users and contractors, construction company Maple Reinders needed to get control of Active Directory (AD) user account security and shore up its Identity Threat Detection and Response (ITDR) foundation—fast.

Managing AD user account sprawl

Award-winning full-service construction company Maple Reinders has operated in multiple provinces across Canada for…

Identity Attack Watch: October 2022

  • Semperis Research Team

Cyberattacks targeting Active Directory are on the upswing, putting pressure on AD, identity, and security teams to monitor the constantly shifting AD-focused threat landscape. To help IT pros better understand and guard against attacks involving AD, the Semperis Research Team offers this monthly roundup of recent cyberattacks that used AD…

Active Directory Forest Recovery Introduces New OS Provisioning Tool

  • Omri Rubinstien

Even after more than 20 years of service, Active Directory (AD) remains one of the most critical components of the typical enterprise’s IT infrastructure. AD security is easy for users to take for granted when it is working. However, in the event of an attack, its criticality to business operations…

SYSVOL: Preventing a Horror Story

  • Tammy Mindel

October is Cybersecurity Awareness Month, and an excellent time to bust the ghosts of configurations past. One of the actions that the Cybersecurity & Infrastructure Security Agency (CISA) and National Cybersecurity Alliance (NCA) recommend taking is “Update your software.” A perfect place to start: Rid your domains of the outdated…

A Community for Identity Professionals

  • Sean Deuby | Principal Technologist

The concept of identity professionals wasn’t a known or accepted profession when I first started my career in information technology (IT). We were all sysadmins who also dealt with user IDs and passwords. Times have changed. In a world of distributed work, cloud software, and a perpetually evolving threat landscape,…

The Growing Threat of Ransomware as a Service

  • Sean Deuby | Principal Technologist

Ransomware attacks have reportedly declined this year. But don’t start celebrating just yet. “Gang models are evolving,” notes my colleague, Alexandra (Alix) Weaver, Semperis Solutions Architect. “I caution everyone: Do not let your guard down.” Part of the changing trend, Alix says, might be attributed to an increase in the…