Threat Research

How Attackers Can Use Active Directory Primary Group Membership for Defense Evasion

How Attackers Can Use Active Directory Primary Group Membership for Defense Evasion

  • Yuval Gordon

Identity systems—particularly Active Directory, which is the primary identity store for most businesses—are constantly under attack by cybercriminals because they are the gateway to an organization’s critical information systems, including valuable customer data. Here we'll explore a little-known Discretionary Access Control List (DACL) tactic that attackers can use to hide…

Identity Attack Watch: August 2021

Identity Attack Watch: August 2021

  • Semperis Research Team

Cyberattacks targeting Active Directory are on the upswing, putting pressure on AD, identity, and security teams to monitor the constantly shifting AD-focused threat landscape. To help IT pros better understand and guard against attacks involving AD, the Semperis Research Team offers this monthly roundup of recent cyberattacks that used AD…

Detecting and Mitigating the PetitPotam Attack on Windows Domains

Detecting and Mitigating the PetitPotam Attack on Windows Domains

  • Ran Harel

Update August 10, 2021: Microsoft released a patch that partially covers the initial PetitPotam authentication coercion through MS-EFSR.  Fresh on the heels of PrintNightmare and SeriousSam, we now have another high-impact attack vector on Windows domains that is relatively easy to carry out and difficult to mitigate. What is now…

Identity Attack Watch: July 2021

Identity Attack Watch: July 2021

  • Semperis Research Team

Cyberattacks targeting Active Directory are on the upswing, putting pressure on AD, identity, and security teams to monitor the constantly shifting AD-focused threat landscape. To help IT pros better understand and guard against attacks involving AD, the Semperis Research Team offers this monthly roundup of recent cyberattacks that used AD…

What You Need to Know about PrintNightmare, the Critical Windows Print Spooler Vulnerability

What You Need to Know about PrintNightmare, the Critical Windows Print Spooler Vulnerability

  • Ran Harel

Update July 6, 2021: Microsoft has released a patch for CVE 2021-34527, available here. Another week, another critical vulnerability. The latest critical security flaw is dubbed “PrintNightmare,” a reference to two vulnerabilities in the Windows Print Spooler service—CVE 2021-1675 and CVE 2021-34527, published between June and July 2021. CVE 2021-1675…

Identity Attack Watch: June 2021

Identity Attack Watch: June 2021

  • Semperis Research Team

Cyberattacks targeting Active Directory are on the upswing, putting pressure on AD, identity, and security teams to monitor the constantly shifting AD-focused threat landscape. To help IT pros better understand and guard against attacks involving AD, the Semperis Research Team offers this monthly roundup of recent cyberattacks that used AD…

Identity Attack Watch: May 2021

Identity Attack Watch: May 2021

  • Semperis Research Team

Cyberattacks targeting Active Directory are on the upswing, putting pressure on AD, identity, and security teams to monitor the constantly shifting AD-focused threat landscape. To help IT pros better understand and guard against attacks involving AD, the Semperis Research Team offers this monthly roundup of recent cyberattacks that used AD…

How to Defend Against Ransomware-as-a-Service Groups That Attack Active Directory

How to Defend Against Ransomware-as-a-Service Groups That Attack Active Directory

  • Semperis Team

Concern about the Colonial Pipeline ransomware attack by DarkSide has expanded beyond the cybersecurity industry and into the consciousness of the everyday consumer—an indicator of the extensive implications the attack has on the global economy. In response, the Biden administration issued an executive order and held a press conference, and…