Active Directory Security

gMSA Active Directory Attacks

  • Yuval Gordon

This article introduces a new attack targeting Group Managed Service Accounts (gMSA), dubbed the "Golden GMSA" attack, allowing attackers to dump Key Distribution Service (KDS) root key attributes and then generate the password for all the associated gMSAs offline.  TL;DR An attacker with high privileges can obtain all the ingredients…

Defending Hybrid Identity Environments Against Cyberattacks

  • Edward Amoroso

As the world continues to embrace digital transformation and distributed work, businesses will continue to deploy SaaS apps—while continuing to use on-premises tools. Hybrid ecosystems are becoming increasingly common as a result. Unfortunately, current identity and access management (IAM) practices simply aren’t up to the task of managing them. The…

Identity Attack Watch: February 2022

  • Semperis Research Team

Cyberattacks targeting Active Directory are on the upswing, putting pressure on AD, identity, and security teams to monitor the constantly shifting AD-focused threat landscape. To help IT pros better understand and guard against attacks involving AD, the Semperis Research Team offers this monthly roundup of recent cyberattacks that used AD…

SPN-jacking: An Edge Case in WriteSPN Abuse

  • Elad Shamir

Some people are a hammer in search of a nail, but I'm a hammer in search of Kerberos delegation. So, when I heard that a WriteSPN edge was introduced to BloodHound 4.1, I started exploring alternative abuse techniques beyond targeted Kerberoasting, and I found an edge case (pun intended) that…

Semperis Chief Technologist Guido Grillenmeier Speaks at 18th German IT Security Congress

  • Oliver Keizers

Guido Grillenmeier, Semperis Chief Technologist, will contribute a presentation, "Combating an ongoing attack on an identity system," at the 18th German IT Security Congress, an event hosted by the German Federal Office for Information Security. The 18th German IT Security Congress is a high-profile event over two days with rigorously…

Identity Attack Watch: January 2022

  • Semperis Research Team

Cyberattacks targeting Active Directory are on the upswing, putting pressure on AD, identity, and security teams to monitor the constantly shifting AD-focused threat landscape. To help IT pros better understand and guard against attacks involving AD, the Semperis Research Team offers this monthly roundup of recent cyberattacks that used AD…

EMA Report: Unknown Vulnerabilities Emerge as Top Active Directory Security Concern

  • Michele Crockett

Unknown vulnerabilities are the top Active Directory security concern of IT security practitioners, according to a new report from Enterprise Management Associates (EMA). Known but unaddressed AD vulnerabilities fall closely behind. Most concerning risks to overall security posture cited by survey respondents were: Native Microsoft security flaws Social engineering attacks,…

Unconstrained Delegation in Active Directory

  • Gil Kirkpatrick

As is often the case with Active Directory, some of the worst security gaps are caused by misconfigurations that leave open doors for potential cyber threats. One common setting that cybercriminals love to exploit is unconstrained delegation. What is unconstrained delegation, and why is unconstrained delegation a security risk? Delegation…