Identity Threat Detection & Response
Categories
- Active Directory Backup & Recovery (61)
- Active Directory Security (206)
- AD Security 101 (17)
- Community Tools (19)
- Directory Modernization (9)
- From the Front Lines (69)
- Hybrid Identity Protection (64)
- Identity Attack Catalog (23)
- Identity Threat Detection & Response (138)
- Our Mission: Be a Force for Good (14)
- Purple Knight (5)
- The CISO's Perspective (16)
- Threat Research (65)
- Uncategorized (1)
Hiding in Plain Sight — Discovering Hidden Active Directory Objects
- Darren Mar-Elia | VP of Products
Note: Updated March 30, 2022 At a past Hybrid Identity Protection Conference, several of us spoke about the ongoing use of Active Directory as a subject of interest in malware attacks. Whether it’s mining AD for information about privileged access, compromising user accounts that lead to increasing levels of privilege…
Securing Active Directory Is First Step in Aligning with New UK Financial Conduct Authority Guidelines
- Dan Bowdrey
In 2019, the Financial Conduct Authority (FCA) proposed changes to how institutions within the UK financial sector ensure operational resilience, particularly against the threat of cyberattacks. The FCA will start enforcing the guidance on March 31, 2022. All organizations regulated by the FCA will face audits to prove their compliance…
gMSA Active Directory Attacks
- Yuval Gordon
This article introduces a new attack targeting Group Managed Service Accounts (gMSA), dubbed the "Golden GMSA" attack, allowing attackers to dump Key Distribution Service (KDS) root key attributes and then generate the password for all the associated gMSAs offline. TL;DR An attacker with high privileges can obtain all the ingredients…
Identity Attack Watch: February 2022
- Semperis Research Team
Cyberattacks targeting Active Directory are on the upswing, putting pressure on AD, identity, and security teams to monitor the constantly shifting AD-focused threat landscape. To help IT pros better understand and guard against attacks involving AD, the Semperis Research Team offers this monthly roundup of recent cyberattacks that used AD…
SPN-jacking: An Edge Case in WriteSPN Abuse
- Elad Shamir
Some people are a hammer in search of a nail, but I'm a hammer in search of Kerberos delegation. So, when I heard that a WriteSPN edge was introduced to BloodHound 4.1, I started exploring alternative abuse techniques beyond targeted Kerberoasting, and I found an edge case (pun intended) that…
Identity Attack Watch: January 2022
- Semperis Research Team
Cyberattacks targeting Active Directory are on the upswing, putting pressure on AD, identity, and security teams to monitor the constantly shifting AD-focused threat landscape. To help IT pros better understand and guard against attacks involving AD, the Semperis Research Team offers this monthly roundup of recent cyberattacks that used AD…
Unconstrained Delegation in Active Directory
- Gil Kirkpatrick
As is often the case with Active Directory, some of the worst security gaps are caused by misconfigurations that leave open doors for potential cyber threats. One common setting that cybercriminals love to exploit is unconstrained delegation. What is unconstrained delegation, and why is unconstrained delegation a security risk? Delegation…
Identity Attack Watch: December 2021
- Semperis Research Team
Cyberattacks targeting Active Directory are on the upswing, putting pressure on AD, identity, and security teams to monitor the constantly shifting AD-focused threat landscape. To help IT pros better understand and guard against attacks involving AD, the Semperis Research Team offers this monthly roundup of recent cyberattacks that used AD…
