Hybrid Identity Protection
Categories
- Active Directory Backup & Recovery (60)
- Active Directory Security (201)
- AD Security 101 (17)
- Community Tools (19)
- Directory Modernization (9)
- From the Front Lines (69)
- Hybrid Identity Protection (62)
- Identity Attack Catalog (17)
- Identity Threat Detection & Response (133)
- Our Mission: Be a Force for Good (14)
- Purple Knight (5)
- The CISO's Perspective (16)
- Threat Research (60)
- Uncategorized (1)
Why Upgrade to Lighting Intelligence from Purple Knight
- Huy Kha | Senior Identity & Security Architect
- Dec 19, 2024
For organizations of any size, managing hybrid identity security across on-premises and cloud environments can be challenging, and Purple Knight has long been trusted to expose risky misconfigurations. Lightning Intelligence, a SaaS security posture assessment, automates scanning to provide continuous monitoring without the need for periodic manual assessments. Small and…
Password Spraying Detection in Active Directory
- Huy Kha | Senior Identity & Security Architect
- Sep 18, 2024
Password spraying detection is a vital ability for all organizations. In a password spraying attack, the attacker attempts to gain unauthorized access by trying a few common or weak passwords across many accounts rather than targeting a single account with many passwords. The idea is to test several passwords, hoping…
Semperis DSP: Enhance AD and Entra ID Protection from Cyber Threats
- Eitan Bloch | Semperis Product Manager
The SolarWinds breach in December 2020 signified a shift in the attack path for threat actors. Cyber threats increasingly target organizations' cloud environments, typically Microsoft Entra ID (formerly Azure AD), then move to on-premises Active Directory (AD)—or vice versa. This begs the question: How secure is your hybrid identity environment…
Meet Silver SAML: Golden SAML in the Cloud
- Tomer Nahum and Eric Woodruff
Key findings Golden SAML, an attack technique that exploits the SAML single sign-on protocol, was used as a post-breach exploit, compounding the devastating SolarWinds attack of 2020—one of the largest breaches of the 21st century. The supply chain SolarWinds attack affected thousands of organizations around the world, including the U.S.…
How to Defend Against an Overpass the Hash Attack
- Daniel Petri | Senior Training Manager
In the constantly evolving landscape of cyber threats, the Overpass the Hash attack is a potent vector. Leveraging the NTLM authentication protocol, this attack enables adversaries to bypass the need for plaintext passwords. Instead, an Overpass the Hash attack employs a user's hash to authenticate and potentially escalate privileges. As…
MFA for Active Directory: An Overview
- Sean Deuby | Principal Technologist
Modern information security is built on a layered defense. Each layer supports the others and presents additional obstacles to threat actors. From patch management to perimeter firewalls, each layer makes it more difficult for attackers to compromise your network. Multifactor authentication (MFA) is one of these layers. MFA has many…
NSA Top Ten Cybersecurity Misconfigurations: An Active Directory Perspective (Part 3)
- Daniel Petri | Senior Training Manager
Welcome to the final installment of this series discussing CISA and NSA top ten cybersecurity misconfigurations in the context of hybrid Active Directory environments. Active Directory is the identity system for most organizations: a critical part of your infrastructure, and a prime target for cyberattackers. This week, I’ll discuss the…
NSA Top Ten Cybersecurity Misconfigurations: An Active Directory Perspective (Part 2)
- Daniel Petri | Senior Training Manager
When it comes to cybersecurity—especially the security of critical identity infrastructure—the minimum expectation for every organization should be closing known vulnerabilities and configuration gaps. Welcome to the second of our three-part discussion of how the CISA and NSA top ten cybersecurity misconfigurations list applies to hybrid Active Directory environments and…
