Threat Research
Categories
- Active Directory Backup & Recovery (61)
- Active Directory Security (206)
- AD Security 101 (17)
- Community Tools (19)
- Directory Modernization (9)
- From the Front Lines (69)
- Hybrid Identity Protection (64)
- Identity Attack Catalog (23)
- Identity Threat Detection & Response (138)
- Our Mission: Be a Force for Good (14)
- Purple Knight (5)
- The CISO's Perspective (16)
- Threat Research (65)
- Uncategorized (1)
Golden Ticket Attack Explained
- Huy Kha | Senior Identity & Security Architect
- Feb 02, 2025
A Golden Ticket attack occurs when an attacker forges a Kerberos Ticket Granting Ticket (TGT) to gain full control over an Active Directory environment. By compromising the KRBTGT account, which signs all Kerberos tickets, the attacker can create fake tickets for any user and gain access to any resource within…
How to Defend Against Silver Ticket Attacks
- Daniel Petri | Senior Training Manager
- Feb 02, 2025
In the complex world of cybersecurity, Golden Ticket and Silver Ticket attacks stand out as two crafty methods targeting the Kerberos authentication system. Although both attacks exploit the same system, their approaches, objectives, and implications differ. Here’s what you need to know about Silver Ticket attacks, including how they differ…
Unconstrained Delegation Explained
- Huy Kha | Senior Identity & Security Architect
- Jan 26, 2025
Cybersecurity agencies from the Five Eyes alliance, including CISA and the NSA, have urged organizations to strengthen security around Microsoft Active Directory (AD), a prime target for cyberattackers. The alliance’s recent report highlights more than a dozen tactics that threat actors use to exploit AD. Among these common techniques is…
AS-REP Roasting Explained
- Huy Kha | Senior Identity & Security Architect
- Jan 25, 2025
Authentication Server Response (AS-REP) Roasting enables attackers to request encrypted authentication responses for accounts in Active Directory that have Kerberos pre-authentication disabled. AS-REP Roasting is one of the Active Directory threats that cybersecurity agencies in the Five Eyes alliance warn about in the recent report, Detecting and Mitigating Active Directory…
LDAPNightmare Explained
- Eric Woodruff
- Jan 13, 2025
LDAPNightmare, recently published by SafeBreach Labs, is a proof-of-concept exploit of a known Windows Lightweight Directory Access Protocol (LDAP) denial-of-service vulnerability (CVE-2024-49113). What is LDAPNightmare, how dangerous is this exploit, and how can you detect and defend against it? What is LDAPNightmare? The December 2024 Windows update - published by…
A New App Consent Attack: Hidden Consent Grant
- Adi Malyanker | Security Researcher
- Aug 13, 2024
Key findings An Application Consent attack, also known as an Illicit Consent Grant attack, is a type of phishing attack in which a malicious actor gains access to an application and then exploits permissions that have been granted to that app. Semperis researcher Adi Malyanker has discovered that under certain…
UnOAuthorized: Privilege Elevation Through Microsoft Applications
- Eric Woodruff
- Aug 07, 2024
This article details a series of Semperis security research team discoveries that resulted in the ability to perform actions in Entra ID beyond expected authorization controls, based on analysis of the OAuth 2.0 scope (permissions). Our most concerning discovery involved the ability to add and remove users from privileged roles,…
New Ransomware Statistics Reveal Increased Need for Active Directory Security and Resilience
- Mickey Bresman
By now, we’re all familiar with the need for an “assume breach” mindset where ransomware and other cyber threats are concerned. To better understand the necessity and challenges of this approach, we partnered with international market research firm Censuswide to ask organizations about their experience with ransomware attacks. What we…
