Threat Research
Categories
- Active Directory Backup & Recovery (61)
- Active Directory Security (206)
- AD Security 101 (17)
- Community Tools (19)
- Directory Modernization (9)
- From the Front Lines (69)
- Hybrid Identity Protection (64)
- Identity Attack Catalog (23)
- Identity Threat Detection & Response (138)
- Our Mission: Be a Force for Good (14)
- Purple Knight (5)
- The CISO's Perspective (16)
- Threat Research (65)
- Uncategorized (1)
Transitive Trust and Breaking Trust Transitivity: AD Security 101
- Charlie Clark
While playing with Kerberos tickets, I discovered an issue that allowed me to authenticate to other domains within an Active Directory (AD) forest across external non-transitive trusts. This means that there is in fact no such thing as a “non-transitive trust.” The term is at best misleading and offers systems…
Identity Attack Watch: AD Security News, February 2023
- Semperis Research Team
As cyberattacks targeting Active Directory continue to rise, AD security, identity, and IT teams face mounting pressure to monitor the evolving AD-focused threat landscape. To help IT and identity security professionals understand and improve AD security, the Semperis Research Team publishes a monthly roundup of recent identity-related cyberattacks. This month's…
Identity Attack Watch: AD Security News, January 2023
- Semperis Research Team
Cyberattacks targeting Active Directory are on the upswing, putting pressure on identity and Active Directory (AD) security teams to monitor the constantly shifting AD-focused threat landscape. To help IT pros better understand and guard against attacks involving AD, the Semperis Research Team offers this monthly roundup of recent cyberattacks that…
Identity Attack Watch: December 2022
- Semperis Research Team
Cyberattacks targeting Active Directory are on the upswing, putting pressure on AD, identity, and security teams to monitor the constantly shifting AD-focused threat landscape. To help IT pros better understand and guard against attacks involving AD, the Semperis Research Team offers this monthly roundup of recent cyberattacks that used AD…
Identity Attack Watch: November 2022
- Semperis Research Team
Cyberattacks targeting Active Directory are on the upswing, putting pressure on AD, identity, and security teams to monitor the constantly shifting AD-focused threat landscape. To help IT pros better understand and guard against attacks involving AD, the Semperis Research Team offers this monthly roundup of recent cyberattacks that used AD…
SyncJacking: Hard Matching Vulnerability Enables Entra ID Account Takeover
- Tomer Nahum
This post describes an abuse of hard matching synchronization in Entra Connect that can lead to Entra ID account takeover. These findings build on the research that Semperis published in August, which described abuse of soft matching (also known as SMTP matching). This SyncJacking vulnerability means that an attacker with…
Identity Attack Watch: October 2022
- Semperis Research Team
Cyberattacks targeting Active Directory are on the upswing, putting pressure on AD, identity, and security teams to monitor the constantly shifting AD-focused threat landscape. To help IT pros better understand and guard against attacks involving AD, the Semperis Research Team offers this monthly roundup of recent cyberattacks that used AD…
SYSVOL: Preventing a Horror Story
- Tammy Mindel
October is Cybersecurity Awareness Month, and an excellent time to bust the ghosts of configurations past. One of the actions that the Cybersecurity & Infrastructure Security Agency (CISA) and National Cybersecurity Alliance (NCA) recommend taking is “Update your software.” A perfect place to start: Rid your domains of the outdated…
