Active Directory Security

How to Defend Against an NTLM Relay Attack

How to Defend Against an NTLM Relay Attack

  • Daniel Petri | Senior Training Manager

The NTLM relay attack poses a significant threat to organizations that use Active Directory. This attack exploits the NT LAN Manager (NTLM) authentication protocol, a challenge-response mechanism used in Windows networks for user authentication. NTLM relay attacks are not just a relic of past security concerns but a present and…

NSA Top Ten Cybersecurity Misconfigurations: An Active Directory Perspective (Part 3)

NSA Top Ten Cybersecurity Misconfigurations: An Active Directory Perspective (Part 3)

  • Daniel Petri | Senior Training Manager

Welcome to the final installment of this series discussing CISA and NSA top ten cybersecurity misconfigurations in the context of hybrid Active Directory environments. Active Directory is the identity system for most organizations: a critical part of your infrastructure, and a prime target for cyberattackers. This week, I’ll discuss the…

Pass the Hash Attack Defense: AD Security 101

Pass the Hash Attack Defense: AD Security 101

  • Daniel Petri | Senior Training Manager

Many Active Directory attacks begin with a stolen password. However, a Pass the Hash attack takes a different approach. In this example of credential theft, threat actors instead steal a user’s password hash. The attack is difficult to detect and can lead to privilege escalation and serious damage to your…

NSA Top Ten Cybersecurity Misconfigurations: An Active Directory Perspective (Part 2)

NSA Top Ten Cybersecurity Misconfigurations: An Active Directory Perspective (Part 2)

  • Daniel Petri | Senior Training Manager

When it comes to cybersecurity—especially the security of critical identity infrastructure—the minimum expectation for every organization should be closing known vulnerabilities and configuration gaps. Welcome to the second of our three-part discussion of how the CISA and NSA top ten cybersecurity misconfigurations list applies to hybrid Active Directory environments and…

How to Defend Against a Pass the Ticket Attack: AD Security 101

How to Defend Against a Pass the Ticket Attack: AD Security 101

  • Daniel Petri | Senior Training Manager

Any organization that relies on Kerberos authentication—the primary authentication method in Active Directory environments—is potentially vulnerable to a Pass the Ticket attack. Organizations that do not regularly patch their systems, monitor and secure Active Directory, and follow robust security measures for credential and ticket protection are at a higher risk.…

NSA Top Ten Cybersecurity Misconfigurations: An Active Directory Perspective

NSA Top Ten Cybersecurity Misconfigurations: An Active Directory Perspective

  • Daniel Petri | Senior Training Manager

Late last year, the United States National Security Agency's (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) released a list of the most common vulnerabilities in large computer networks. This list of CISA and NSA top ten cybersecurity misconfigurations reveals systemic weaknesses, particularly in (though not limited to) Microsoft Windows…

Top 3 Identity-Based Attack Trends to Watch in 2024

Top 3 Identity-Based Attack Trends to Watch in 2024

  • Semperis

Each year, the total number of cyberattacks and cost of ransomware-related damage increases globally. Microsoft recently reported that attempted password attacks have soared “from around 3 billion per month to over 30 billion.” Clearly, a proactive approach to mitigating identity-based attacks is a good New Year’s resolution. To help you…

Identity Attack Watch: AD Security News, December 2023

Identity Attack Watch: AD Security News, December 2023

  • Semperis Research Team

As cyberattacks targeting Active Directory continue to rise, AD security, identity, and IT teams face mounting pressure to monitor the evolving AD-focused threat landscape. To assist IT professionals in comprehending and preventing attacks that involve AD, the Semperis Research Team publishes a monthly roundup of recent cyberattacks. In this month’s…