Semperis Surpasses $100M in ARR as Organizations Prioritize Identity System Defense
Back to blogs listing

Active Directory Security

Categories

Featured Articles

AD Security 101: GPO Logon Script Security
  • Daniel Petri | Senior Training Manager
AD Security 101: Non-Default Security Principals with DCSync Rights
  • Daniel Petri | Senior Training Manager

Chat with an expert

Modernize your AD

Request Demo

Download Purple Knight

Free Active Directory Security Assessment

Read more
How to Defend Against Silver Ticket Attacks

How to Defend Against Silver Ticket Attacks

  • Daniel Petri | Senior Training Manager
  • Feb 02, 2025

In the complex world of cybersecurity, Golden Ticket and Silver Ticket attacks stand out as two crafty methods targeting the Kerberos authentication system. Although both attacks exploit the same system, their approaches, objectives, and implications differ. Here’s what you need to know about Silver Ticket attacks, including how they differ…

Unconstrained Delegation Explained

Unconstrained Delegation Explained

  • Huy Kha | Senior Identity & Security Architect
  • Jan 26, 2025

Cybersecurity agencies from the Five Eyes alliance, including CISA and the NSA, have urged organizations to strengthen security around Microsoft Active Directory (AD), a prime target for cyberattackers. The alliance’s recent report highlights more than a dozen tactics that threat actors use to exploit AD. Among these common techniques is…

AS-REP Roasting Explained

AS-REP Roasting Explained

  • Huy Kha | Senior Identity & Security Architect
  • Jan 25, 2025

Authentication Server Response (AS-REP) Roasting enables attackers to request encrypted authentication responses for accounts in Active Directory that have Kerberos pre-authentication disabled. AS-REP Roasting is one of the Active Directory threats that cybersecurity agencies in the Five Eyes alliance warn about in the recent report, Detecting and Mitigating Active Directory…

Your DORA Compliance Checklist for Identity Defence

Your DORA Compliance Checklist for Identity Defence

  • Daniel Lattimer | Area Vice President - EMEA West
  • Jan 17, 2025

This week, the European Union’s Digital Operational Resilience Act (DORA) goes into effect in an effort to provide a clear roadmap for enhancing cybersecurity across the financial services industry. All financial entities operating in or with the EU—as well as information and communication technology (ICT) providers that support such entities—are…

Why Upgrade to Lighting Intelligence from Purple Knight

Why Upgrade to Lighting Intelligence from Purple Knight

  • Huy Kha | Senior Identity & Security Architect
  • Dec 19, 2024

For organizations of any size, managing hybrid identity security across on-premises and cloud environments can be challenging. Purple Knight has long been trusted to expose risky misconfigurations. Now, Semperis—the identity security experts behind Purple Knight—offer Lightning Intelligence, a SaaS security-posture assessment tool that automates scanning to provide continuous monitoring without…

What You Need to Know about SEC Regulation S-P Requirements and Active Directory

What You Need to Know about SEC Regulation S-P Requirements and Active Directory

  • James Doggett | Semperis CISO
  • Dec 18, 2024

CISOs in the financial sector have another new regulatory challenge to contend with. Earlier this year, the U.S. Securities and Exchange Commission (SEC) adopted new cybersecurity incident response and disclosure rules, demanding new approaches to disaster recovery planning. For affected organizations, the new SEC Regulation S-P requirements demand a new…

Zerologon Exploit Explained

Zerologon Exploit Explained

  • Huy Kha | Senior Identity & Security Architect
  • Nov 15, 2024

In a Zerologon exploit, an attacker with access to a network takes advantage of a critical flaw in the Netlogon Remote Protocol (MS-NRPC) to impersonate any computer, including a domain controller (DC). This flaw is known as Zerologon—a vulnerability that can give attackers full control over a domain. What is…

Active Directory Security Measures for U.S. State and Local Government and Education

Active Directory Security Measures for U.S. State and Local Government and Education

  • Edward Amoroso
  • Oct 24, 2024

[Editor’s note: This article is a guest post by TAG CEO and founder Ed Amoroso.] Broad cybersecurity support encompasses a wide variety of obligations, ranging from compliance documentation to user training. But the most challenging—and essential—aspect of Microsoft Active Directory (AD) security involves the detection of attacks, before, during, and…