Active Directory Security
Categories
- Active Directory Backup & Recovery (62)
- Active Directory Security (213)
- AD Security 101 (17)
- Community Tools (19)
- Directory Modernization (9)
- From the Front Lines (69)
- Hybrid Identity Protection (68)
- Identity Attack Catalog (28)
- Identity Threat Detection & Response (143)
- Our Mission: Be a Force for Good (14)
- Purple Knight (5)
- Semperis University (1)
- The CISO's Perspective (16)
- Threat Research (68)
New Research: Detecting DCShadow on Rogue Hosts
- Darren Mar-Elia | VP of Products
10,000-foot view: Many of us are familiar with the variety of tools, attacks, and adversaries that focus on breaching Active Directory. With the release in 2018 of DCShadow, another highly effective vector was added to that ever-increasing list. To the credit of the research team, along with the exploit, they…
U.S. Indictment of Sandworm Highlights the Importance of Protecting Active Directory
- Sean Deuby | Principal Technologist
The latest development in the 2017 NotPetya Attack saga should be a reminder for organizations that it only takes a handful of cybercriminals to take down all of your operations. Last week, the US Department of Justice announced charges including computer fraud and conspiracy against six hackers of the cybercriminal group known…
The Weaponization of Active Directory: An Inside Look at Ransomware Attacks Ryuk, Maze, and SaveTheQueen
- Thomas Leduc
Like never before, Active Directory (AD) is in the attackers’ crosshairs. In this blog, we'll examine how ransomware attacks are abusing AD and how enterprises can evolve their defensive strategies to stay ahead of attackers. First, a quick note about the recent privilege escalation vulnerability dubbed Zerologon, which allows an unauthenticated attacker with network access to…
Takeaways from Zerologon: The Latest Domain Controller Attack
- Thomas Leduc
If there was ever a time to re-examine the security of your Active Directory, it’s now. In response to rising concerns about the notorious Zerologon vulnerability (CVE-2020-1472), the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an "Emergency Directive" to federal agencies to apply Microsoft's patch immediately. Enterprises would…
New survey reveals dangerous gaps in crisis management plans
- Thomas Leduc
When a storm hits, the one who is most prepared is the one who will weather it best. For IT, this storm is digital, a flurry of cyberattacks that routinely touches down on the shores of Microsoft Active Directory (AD). AD is a juicy target, and we all know why.…
Vulnerabilities in Active Directory: The CISO’s Achilles Heel
- Darren Mar-Elia | VP of Products
Understanding how compromises occur is a fundamental part of forming a cybersecurity defense. With that in mind, I recently joined Andy Robbins, co-creator of the open source attack path discovery tool, BloodHound, for a webinar that outlined how attackers target Active Directory (AD). During the presentation, we spotlighted an uncomfortable truth: the center of enterprise identity services…
Why I’m Hanging Out With the Semperis Crew
- Chris Roberts
Let's start with a little history lesson... Back in 2014, there were a series of articles calling for the dismantling and death of Active Directory (AD) for various reasons. Fast forward to 2018, and we made calls for its demise, or simply that companies should take their AD servers, throw…
Understanding Group Policy Privilege Escalation in CVE-2020-1317
- Darren Mar-Elia | VP of Products
Last month, Microsoft released an advisory for CVE-2020-1317 which describes a privilege escalation vulnerability in Group Policy. This was further detailed by the discoverer of the vulnerability on the Cyberark website. The nature of this issue is interesting and worth understanding. For years, Group Policy has had this dichotomy built into its…
