Semperis Surpasses $100M in ARR as Organizations Prioritize Identity System Defense
Back to blogs listing

Threat Research

Categories

Chat with an expert

Modernize your AD

Request Demo

Download Purple Knight

Free Active Directory Security Assessment

Read more
Identity Attack Watch: July 2021

Identity Attack Watch: July 2021

  • Semperis Research Team

Cyberattacks targeting Active Directory are on the upswing, putting pressure on AD, identity, and security teams to monitor the constantly shifting AD-focused threat landscape. To help IT pros better understand and guard against attacks involving AD, the Semperis Research Team offers this monthly roundup of recent cyberattacks that used AD…

What You Need to Know about PrintNightmare, the Critical Windows Print Spooler Vulnerability

What You Need to Know about PrintNightmare, the Critical Windows Print Spooler Vulnerability

  • Ran Harel

Update July 6, 2021: Microsoft has released a patch for CVE 2021-34527, available here. Another week, another critical vulnerability. The latest critical security flaw is dubbed “PrintNightmare,” a reference to two vulnerabilities in the Windows Print Spooler service—CVE 2021-1675 and CVE 2021-34527, published between June and July 2021. CVE 2021-1675…

Identity Attack Watch: June 2021

Identity Attack Watch: June 2021

  • Semperis Research Team

Cyberattacks targeting Active Directory are on the upswing, putting pressure on AD, identity, and security teams to monitor the constantly shifting AD-focused threat landscape. To help IT pros better understand and guard against attacks involving AD, the Semperis Research Team offers this monthly roundup of recent cyberattacks that used AD…

Identity Attack Watch: May 2021

Identity Attack Watch: May 2021

  • Semperis Research Team

Cyberattacks targeting Active Directory are on the upswing, putting pressure on AD, identity, and security teams to monitor the constantly shifting AD-focused threat landscape. To help IT pros better understand and guard against attacks involving AD, the Semperis Research Team offers this monthly roundup of recent cyberattacks that used AD…

How to Defend Against Ransomware-as-a-Service Groups That Attack Active Directory

How to Defend Against Ransomware-as-a-Service Groups That Attack Active Directory

  • Semperis Team

Concern about the Colonial Pipeline ransomware attack by DarkSide has expanded beyond the cybersecurity industry and into the consciousness of the everyday consumer—an indicator of the extensive implications the attack has on the global economy. In response, the Biden administration issued an executive order and held a press conference, and…

Hafnium Attack Timeline

Hafnium Attack Timeline

  • Sean Deuby | Principal Technologist

The attacks on Microsoft Exchange servers around the world by Chinese state-sponsored threat group Hafnium are believed to have affected over 21,000 organizations. The impact of these attacks is growing as the four zero-day vulnerabilities are getting picked up by new threat actors. While the world was introduced to these…

DnsAdmins Revisited

DnsAdmins Revisited

  • Yuval Gordon

How Potential Attackers Can Achieve Privileged Persistence on a DC through DnsAdmins The Semperis Research Team recently expanded on previous research showing a feature abuse in the Windows Active Directory (AD) environment where users from the DnsAdmins group could load an arbitrary DLL into a DNS service running on a…

New Research: Detecting DCShadow on Rogue Hosts

New Research: Detecting DCShadow on Rogue Hosts

  • Darren Mar-Elia | VP of Products

10,000-foot view: Many of us are familiar with the variety of tools, attacks, and adversaries that focus on breaching Active Directory. With the release in 2018 of DCShadow, another highly effective vector was added to that ever-increasing list. To the credit of the research team, along with the exploit, they…