Active Directory Backup & Recovery
Categories
- Active Directory Backup & Recovery (61)
- Active Directory Security (206)
- AD Security 101 (17)
- Community Tools (19)
- Directory Modernization (9)
- From the Front Lines (69)
- Hybrid Identity Protection (64)
- Identity Attack Catalog (23)
- Identity Threat Detection & Response (138)
- Our Mission: Be a Force for Good (14)
- Purple Knight (5)
- The CISO's Perspective (16)
- Threat Research (65)
- Uncategorized (1)
Detecting and Mitigating the PetitPotam Attack on Windows Domains
- Ran Harel
Update August 10, 2021: Microsoft released a patch that partially covers the initial PetitPotam authentication coercion through MS-EFSR. Fresh on the heels of PrintNightmare and SeriousSam, we now have another high-impact attack vector on Windows domains that is relatively easy to carry out and difficult to mitigate. What is now…
Three Steps to Harden Your Active Directory in Light of Recent Attacks
- Brian Desmond
In a recent webinar I co-hosted with Semperis (the folks behind the Purple Knight security assessment tool), we focused on a key common denominator across recent high-profile attacks—Active Directory. In the session “How Attackers Exploit Active Directory: Lessons Learned from High-Profile Breaches,” Sean Deuby and Ran Harel from Semperis joined…
The Practical ROI of a Quick Active Directory Recovery
- Sean Deuby | Principal Technologist
While every IT manager or administrator knows that a solid Active Directory recovery plan is an essential component of any business continuity strategy, calculating the practical return on investment (ROI) of an optimized AD recovery plan is notoriously tricky. Too many variables are at play to generate a defensible, exact…
Hafnium Attack Timeline
- Sean Deuby | Principal Technologist
The attacks on Microsoft Exchange servers around the world by Chinese state-sponsored threat group Hafnium are believed to have affected over 21,000 organizations. The impact of these attacks is growing as the four zero-day vulnerabilities are getting picked up by new threat actors. While the world was introduced to these…
CISA’s Ransomware Guidance Is Reminder to Include AD in Recovery Plan
- Semperis Team
Any ransomware recovery plan needs to include regular file backups and encrypted data with offline copies, as the Cybersecurity and Infrastructure Security Agency (CISA) recently reminded as part of the organization’s campaign to drive awareness of its ransomware guidance and resources. The guidance includes best practices and checklists to help…
NotPetya Flashback: The Latest Supply-Chain Attack Puts Active Directory at Risk of Compromise
- Chris Roberts
Last week, news broke that a sophisticated adversary penetrated FireEye's network and stole the company's Red Team assessment tools. The attack is reportedly linked to a larger supply-chain assault that struck government, consulting, technology, and telecom organizations throughout North America, Europe, Asia, and the Middle East. To get an idea of what this stolen toolset…
Egregor Ransomware Attack on Kmart is a Reminder that Active Directory Needs to Be Protected and Recoverable
- Darren Mar-Elia | VP of Products
The latest ransomware-as-a-service attack leaves the well-known retailer, Kmart, with service outages and a compromised Active Directory. In the wake of Maze ransomware "retiring" last month, many of its affiliates have moved to the new kid on the ransomware block, Egregor. Named after an occult term meaning the collective energy or force…
The Stakes Are Higher in Healthcare: Fighting Cybercrime During a Pandemic
- Gil Kirkpatrick
In the healthcare industry, cybersecurity issues have consequences that go well beyond the loss of data. Recently, the FBI and other federal agencies warned of a credible threat of "increased and imminent cybercrime" to U.S. hospitals and healthcare providers. Criminal groups target the healthcare sector to carry out "data theft…
