Active Directory Security
Categories
- Active Directory Backup & Recovery (62)
- Active Directory Security (213)
- AD Security 101 (17)
- Community Tools (19)
- Directory Modernization (9)
- From the Front Lines (69)
- Hybrid Identity Protection (68)
- Identity Attack Catalog (27)
- Identity Threat Detection & Response (143)
- Our Mission: Be a Force for Good (14)
- Purple Knight (5)
- Semperis University (1)
- The CISO's Perspective (16)
- Threat Research (68)
gMSA Active Directory Attacks
- Yuval Gordon
This article introduces a new attack targeting Group Managed Service Accounts (gMSA), dubbed the "Golden GMSA" attack, allowing attackers to dump Key Distribution Service (KDS) root key attributes and then generate the password for all the associated gMSAs offline. TL;DR An attacker with high privileges can obtain all the ingredients…
Defending Hybrid Identity Environments Against Cyberattacks
- Edward Amoroso
As the world continues to embrace digital transformation and distributed work, businesses will continue to deploy SaaS apps—while continuing to use on-premises tools. Hybrid ecosystems are becoming increasingly common as a result. Unfortunately, current identity and access management (IAM) practices simply aren’t up to the task of managing them. The…
Identity Attack Watch: February 2022
- Semperis Research Team
Cyberattacks targeting Active Directory are on the upswing, putting pressure on AD, identity, and security teams to monitor the constantly shifting AD-focused threat landscape. To help IT pros better understand and guard against attacks involving AD, the Semperis Research Team offers this monthly roundup of recent cyberattacks that used AD…
SPN-jacking: An Edge Case in WriteSPN Abuse
- Elad Shamir
Some people are a hammer in search of a nail, but I'm a hammer in search of Kerberos delegation. So, when I heard that a WriteSPN edge was introduced to BloodHound 4.1, I started exploring alternative abuse techniques beyond targeted Kerberoasting, and I found an edge case (pun intended) that…
Semperis Chief Technologist Guido Grillenmeier Speaks at 18th German IT Security Congress
- Oliver Keizers
Guido Grillenmeier, Semperis Chief Technologist, will contribute a presentation, "Combating an ongoing attack on an identity system," at the 18th German IT Security Congress, an event hosted by the German Federal Office for Information Security. The 18th German IT Security Congress is a high-profile event over two days with rigorously…
Identity Attack Watch: January 2022
- Semperis Research Team
Cyberattacks targeting Active Directory are on the upswing, putting pressure on AD, identity, and security teams to monitor the constantly shifting AD-focused threat landscape. To help IT pros better understand and guard against attacks involving AD, the Semperis Research Team offers this monthly roundup of recent cyberattacks that used AD…
EMA Report: Unknown Vulnerabilities Emerge as Top Active Directory Security Concern
- Michele Crockett
Unknown vulnerabilities are the top Active Directory security concern of IT security practitioners, according to a new report from Enterprise Management Associates (EMA). Known but unaddressed AD vulnerabilities fall closely behind. Most concerning risks to overall security posture cited by survey respondents were: Native Microsoft security flaws Social engineering attacks,…
Unconstrained Delegation in Active Directory
- Gil Kirkpatrick
As is often the case with Active Directory, some of the worst security gaps are caused by misconfigurations that leave open doors for potential cyber threats. One common setting that cybercriminals love to exploit is unconstrained delegation. What is unconstrained delegation, and why is unconstrained delegation a security risk? Delegation…
