Identity Threat Detection & Response
Categories
- Active Directory Backup & Recovery (60)
- Active Directory Security (201)
- AD Security 101 (17)
- Community Tools (19)
- Directory Modernization (9)
- From the Front Lines (69)
- Hybrid Identity Protection (62)
- Identity Attack Catalog (17)
- Identity Threat Detection & Response (133)
- Our Mission: Be a Force for Good (14)
- Purple Knight (5)
- The CISO's Perspective (16)
- Threat Research (60)
- Uncategorized (1)
Zerologon Exploit Explained
- Huy Kha | Senior Identity & Security Architect
- Nov 15, 2024
In a Zerologon exploit, an attacker with access to a network takes advantage of a critical flaw in the Netlogon Remote Protocol (MS-NRPC) to impersonate any computer, including a domain controller (DC). This flaw is known as Zerologon—a vulnerability that can give attackers full control over a domain. What is…
Password Spraying Detection in Active Directory
- Huy Kha | Senior Identity & Security Architect
- Sep 18, 2024
Password spraying detection is a vital ability for all organizations. In a password spraying attack, the attacker attempts to gain unauthorized access by trying a few common or weak passwords across many accounts rather than targeting a single account with many passwords. The idea is to test several passwords, hoping…
The 5 Pillars for DORA Compliance in Active Directory
- Daniel Lattimer | Area Vice President - EMEA West
- Aug 30, 2024
The Digital Operational Resilience Act (DORA) is an incoming European Union (EU) legislative framework aimed at fortifying the operational resilience of digital systems within the financial sector. All finance entities that operate in or with the EU need to achieve DORA compliance by early 2025, as do information and communication…
A New App Consent Attack: Hidden Consent Grant
- Adi Malyanker | Security Researcher
- Aug 13, 2024
Key findings An Application Consent attack, also known as an Illicit Consent Grant attack, is a type of phishing attack in which a malicious actor gains access to an application and then exploits permissions that have been granted to that app. Semperis researcher Adi Malyanker has discovered that under certain…
UnOAuthorized: Privilege Elevation Through Microsoft Applications
- Eric Woodruff
- Aug 07, 2024
This article details a series of Semperis security research team discoveries that resulted in the ability to perform actions in Entra ID beyond expected authorization controls, based on analysis of the OAuth 2.0 scope (permissions). Our most concerning discovery involved the ability to add and remove users from privileged roles,…
Hello, My Name Is Domain Admin
- Mickey Bresman
- Aug 05, 2024
My friends know I'm a movie buff. Being also a mixed martial enthusiast, one of my all-time favorites is Fight Club, based on Chuck Palahniuk's first novel. The story is about an identity crisis: rebelling against consumerism, trying to find truth and meaning in life, and becoming a "real" person…
Strengthening Cyber Incident Response with Forest Druid
- Huy Kha | Senior Identity & Security Architect
- Aug 01, 2024
Forest Druid is a free cyber attack path discovery tool for hybrid identity environments, such as Active Directory and Entra ID. Unlike traditional tools that map attack paths from the external perimeter inwards, Forest Druid focuses on protecting the most critical assets first. This method prioritizes identifying and securing Tier…
New Ransomware Statistics Reveal Increased Need for Active Directory Security and Resilience
- Mickey Bresman
- Jul 31, 2024
By now, we’re all familiar with the need for an “assume breach” mindset where ransomware and other cyber threats are concerned. To better understand the necessity and challenges of this approach, we partnered with international market research firm Censuswide to ask organizations about their experience with ransomware attacks. What we…
