Categories

Active Directory Backup & Recovery

Identity Recovery and Crisis Management Are Inseparable for Effective Incident Response

  • Alex Weinert | Chief Product Officer
  • Oct 08, 2025

When a cyber incident hits, chaos reigns. The business is panicking, the pressure is on, and performance relies on the team’s ability to collaborate and innovate. Ready1 for Identity Crisis Management brings teams and tools together, streamlining IR and identity recovery—and speeding your return to normal business operations.

Unlocking Unmatched Identity Resilience: The Semperis-Cohesity Partnership

  • Chris Salzgeber | Product Manager, Integrations
  • Sep 17, 2025

The Semperis-Cohesity partnership is the convergence of two industry leaders, each with singular expertise. With Cohesity Identity Resilience, organizations can be confident that their critical identity systems are secure and recoverable.

5 Keys to Fault-Tolerant Active Directory Recovery

  • Kriss Stephen | Principal Solutions Architect
  • Aug 05, 2025

Active Directory (AD) forest recovery is one of the most complex tasks an IT professional can face—so you don’t want to be unprepared during a live incident. Learn 5 key elements you need to ensure fault-tolerant recovery in your worst-case scenario.

Active Directory Security

SyncJacking: Hard Matching Vulnerability Enables Entra ID Account Takeover

  • Tomer Nahum
  • Jan 13, 2026

Attackers with certain privileges can abuse Entra Connect hard matching synchronization to take over synchronized Entra ID accounts.

Best Cybersecurity Conferences for Identity Security Professionals in 2026

  • Semperis
  • Dec 30, 2025

For anyone safeguarding hybrid identity systems, continuous learning and cyber community engagement are critical. Here are our top picks for conferences that deliver a laser-focus on identity security—and the technical knowledge you need to stay ahead of threats.

What CISOs Need to Know About Fighting Ransomware in 2026

  • Sean Deuby | Principal Technologist, Americas
  • Dec 23, 2025

The fastest way to turn a cyber incident into a business outage is through identity system compromise. Ransomware continues to exploit that fact—and the consequences are real. Here are practical, board-ready steps CISOs can take to boost resilience when those attacks happen.

AD Security 101

How to Defend Against a Password Spraying Attack

  • Daniel Petri | Senior Training Manager

Active Directory remains a critical infrastructure component for managing network resources, login credentials, and user authentication. Yet its centrality makes it a prime target for cyberattacks. One such evolving cyberattack is password spraying, a threat that’s gained in complexity in recent years. Password spraying attacks stand out due to their…

How to Defend Against SID History Injection

  • Daniel Petri | Senior Training Manager

Security Identifier (SID) History injection is a sophisticated cyberattack vector that targets Windows Active Directory environments. This attack exploits the SID History attribute, which is intended to maintain user access rights during migrations from one domain to another. By injecting malicious SID values into this attribute, an attacker can escalate…

LDAP Injection Attack Defense: AD Security 101

  • Daniel Petri | Senior Training Manager

LDAP injection represents a formidable cyberattack vector, targeting the authentication and authorization mechanisms within your Active Directory environment. By exploiting improper input validation, attackers can manipulate LDAP statements and potentially gain unauthorized access to your directory service. Semperis cybersecurity and identity security experts have a deep understanding of LDAP injection,…

Community Tools

EntraGoat Scenario 3: Exploiting Group Ownership in Entra ID

  • Jonathan Elkabas and Tomer Nahum
  • Nov 06, 2025

Dive into EntraGoat Scenario 3, where you’ll discover how individually legitimate Entra ID features, when combined with misconfigured group ownership, can cascade into a privilege escalation chain that elevates a low-level account into a tenant-wide threat.

EntraGoat Scenario 6: Exploiting Certificate-Based Authentication to Impersonate Global Admin in Entra ID

  • Jonathan Elkabas and Tomer Nahum
  • Aug 12, 2025

Editor’s note: This scenario is part of a series of examples demonstrating the use of EntraGoat, our Entra ID simulation environment. You can read an overview of EntraGoat and its value here. Certificate Bypass Authority–Root Access Granted: EntraGoat Scenario 6 details a privilege escalation technique in Microsoft Entra ID where…

EntraGoat Scenario 2: Exploiting App-Only Graph Permissions in Entra ID

  • Jonathan Elkabas and Tomer Nahum
  • Aug 05, 2025

In our second EntraGoat attack scenario, follow the steps from a carelessly leaked certificate to capture the Global Admin password—and full Entra ID compromise.

Directory Modernization

Security-Centric Active Directory Migration and Consolidation

  • Michael Masciulli

Enterprise organizations with legacy Active Directory (AD) environments have a security problem. Their AD infrastructure has likely degraded over time and now harbors multiple security vulnerabilities because of inefficient architecture, multiple misconfigurations, and poorly secured legacy applications. Yet Active Directory migration and consolidation, especially involving a sprawling AD infrastructure, is…

Active Directory Migration: 15 Steps to Success

  • Daniel Petri | Senior Training Manager

Active Directory (AD) migration projects can be challenging and complex. Such projects involve the migration of users, groups, computers, and applications from one AD domain or forest to another. Careful planning and execution can help your migration team complete a successful AD migration, with minimal disruption to end users and…

Why AD Modernization Is Critical to Your Cybersecurity Program

  • Mickey Bresman

Active Directory (AD) is the core identity store for many organizations. As such, AD has also become a major target for bad actors. If attackers gain access to AD, they gain access to any resources in the organization. In a hybrid on-prem/cloud scenario, which is common today, that includes access…

From the Front Lines

What CISOs Need to Know About Fighting Ransomware in 2026

  • Sean Deuby | Principal Technologist, Americas
  • Dec 23, 2025

The fastest way to turn a cyber incident into a business outage is through identity system compromise. Ransomware continues to exploit that fact—and the consequences are real. Here are practical, board-ready steps CISOs can take to boost resilience when those attacks happen.

Hello, My Name Is Domain Admin

  • Mickey Bresman

My friends know I’m a movie buff. Being also a mixed martial enthusiast, one of my all-time favorites is Fight Club, based on Chuck Palahniuk’s first novel. The story is about an identity crisis: rebelling against consumerism, trying to find truth and meaning in life, and becoming a “real” person…

New Ransomware Statistics Reveal Increased Need for Active Directory Security and Resilience

  • Mickey Bresman

By now, we’re all familiar with the need for an “assume breach” mindset where ransomware and other cyber threats are concerned. To better understand the necessity and challenges of this approach, we partnered with international market research firm Censuswide to ask organizations about their experience with ransomware attacks. What we…

Hybrid Identity Protection

Best Cybersecurity Conferences for Identity Security Professionals in 2026

  • Semperis
  • Dec 30, 2025

For anyone safeguarding hybrid identity systems, continuous learning and cyber community engagement are critical. Here are our top picks for conferences that deliver a laser-focus on identity security—and the technical knowledge you need to stay ahead of threats.

EntraGoat Scenario 3: Exploiting Group Ownership in Entra ID

  • Jonathan Elkabas and Tomer Nahum
  • Nov 06, 2025

Dive into EntraGoat Scenario 3, where you’ll discover how individually legitimate Entra ID features, when combined with misconfigured group ownership, can cascade into a privilege escalation chain that elevates a low-level account into a tenant-wide threat.

Unlocking Unmatched Identity Resilience: The Semperis-Cohesity Partnership

  • Chris Salzgeber | Product Manager, Integrations
  • Sep 17, 2025

The Semperis-Cohesity partnership is the convergence of two industry leaders, each with singular expertise. With Cohesity Identity Resilience, organizations can be confident that their critical identity systems are secure and recoverable.

Identity Attack Catalog

How to Defend Against Password Guessing Attacks

  • Daniel Petri | Senior Training Manager

Here’s what you need to know about password guessing and how to protect Active Directory—and your organization.

Group Policy Preferences Abuse Explained

  • Huy Kha | Senior Identity & Security Architect

The Group Policy Preferences feature provides a well-known pathway for cyber attackers to discover easily decoded passwords in Active Directory. Learn to spot and defend against this vulnerability.

ESC1 Attack Explained

  • Huy Kha | Senior Identity & Security Architect

Discover how certificate template misconfigurations in Active Directory Certificate Services (AD CS) enable ESC1 attacks—allowing cyber attackers to rapidly escalate privileges and potentially compromise entire networks.

Identity Threat Detection & Response

SyncJacking: Hard Matching Vulnerability Enables Entra ID Account Takeover

  • Tomer Nahum
  • Jan 13, 2026

Attackers with certain privileges can abuse Entra Connect hard matching synchronization to take over synchronized Entra ID accounts.

Best Cybersecurity Conferences for Identity Security Professionals in 2026

  • Semperis
  • Dec 30, 2025

For anyone safeguarding hybrid identity systems, continuous learning and cyber community engagement are critical. Here are our top picks for conferences that deliver a laser-focus on identity security—and the technical knowledge you need to stay ahead of threats.

What CISOs Need to Know About Fighting Ransomware in 2026

  • Sean Deuby | Principal Technologist, Americas
  • Dec 23, 2025

The fastest way to turn a cyber incident into a business outage is through identity system compromise. Ransomware continues to exploit that fact—and the consequences are real. Here are practical, board-ready steps CISOs can take to boost resilience when those attacks happen.

Our Mission: Be a Force for Good

Duns 100 Ranks Semperis in Top 15 to Work For

  • Yarden Gur

This month marked two milestones for Semperis. First, Deloitte recognized the company as one of the 100 fastest growing technology companies in North America and (for the third consecutive year) one of the top 10 fastest-growing tech companies in the greater New York area. Then, the company was listed for…

What It Means to be a Mission-Driven Company

  • Mickey Bresman

On behalf of the entire team, I’m excited to share that Semperis has been named to Inc.’s 2022 list of Best Workplaces. This annual list honors workplaces that are ranked highly by their employees on topics like benefits, trust in senior leadership, change management, and career development. I could not…

Hybrid Identity Protection: IDPro Founder Ian Glazer

  • Sean Deuby | Principal Technologist, Americas

You won’t want to miss the newest episode of the Hybrid Identity Podcast (HIP)! In this session, I have the pleasure of talking with IDPro founder and Salesforce Senior VP of Identity Product Management Ian Glazer. What’s new at IDPro? IDPro has become the organization for identity pros looking for…

Purple Knight

What CISOs Need to Know About Fighting Ransomware in 2026

  • Sean Deuby | Principal Technologist, Americas
  • Dec 23, 2025

The fastest way to turn a cyber incident into a business outage is through identity system compromise. Ransomware continues to exploit that fact—and the consequences are real. Here are practical, board-ready steps CISOs can take to boost resilience when those attacks happen.

Purple Knight Scoring Improves Understanding of Identity System Security Vulnerabilities

  • Ran Harel

Our latest Purple Knight (PK) v4.2 release introduces fundamental changes, particularly concerning the new scoring calculation. Changing from a broader approach that considered all indicators, we’ve now zeroed in on the “failed” indicators, those that highlight genuine security threats in your environment. This shift aims to ensure that the overall…

Semperis Offers New Protection Against Okta Breaches

  • Semperis Research Team

In an ever-evolving digital landscape, organizations rely on robust identity protection solutions to safeguard sensitive data and maintain secure operations. For most enterprise businesses, that means protecting Active Directory and Entra ID (formerly Azure AD). But identity protection is just as vital for organizations that use Okta, a cloud-based identity…

Semperis University

BadSuccessor: How to Detect and Mitigate dMSA Privilege Escalation

  • Semperis Team

The BadSuccessor Active Directory attack technique exploits a dangerous Windows Server 2025 vulnerability. Learn how DSP indicators of exposure and compromise enable you to proactively halt malicious activity.

Exploiting the Intruder’s Dilemma for Active Directory Defense

  • Huy Kha | Senior Identity & Security Architect

Can you create an AD defense that exploits intruder attack techniques? Learn how to selectively use an attacker’s own methods to detect and expel them.

Defending Against Cable: Prevent Malicious Use of Post-Exploitation Tool

  • Huy Kha | Senior Identity & Security Architect

Post-exploitation tools—such as Cable, the Active Directory-specific pentesting tool—are meant to educate security teams. But attackers use them too. Here’s how to detect and defend against malicious use of the Cable tool.

The CISO’s Perspective

What CISOs Need to Know About Fighting Ransomware in 2026

  • Sean Deuby | Principal Technologist, Americas
  • Dec 23, 2025

The fastest way to turn a cyber incident into a business outage is through identity system compromise. Ransomware continues to exploit that fact—and the consequences are real. Here are practical, board-ready steps CISOs can take to boost resilience when those attacks happen.

Hello, My Name Is Domain Admin

  • Mickey Bresman

My friends know I’m a movie buff. Being also a mixed martial enthusiast, one of my all-time favorites is Fight Club, based on Chuck Palahniuk’s first novel. The story is about an identity crisis: rebelling against consumerism, trying to find truth and meaning in life, and becoming a “real” person…

New Ransomware Statistics Reveal Increased Need for Active Directory Security and Resilience

  • Mickey Bresman

By now, we’re all familiar with the need for an “assume breach” mindset where ransomware and other cyber threats are concerned. To better understand the necessity and challenges of this approach, we partnered with international market research firm Censuswide to ask organizations about their experience with ransomware attacks. What we…

Threat Research

SyncJacking: Hard Matching Vulnerability Enables Entra ID Account Takeover

  • Tomer Nahum
  • Jan 13, 2026

Attackers with certain privileges can abuse Entra Connect hard matching synchronization to take over synchronized Entra ID accounts.

nOAuth Abuse Update: Potential Pivot into Microsoft 365

  • Eric Woodruff | Chief Identity Architect
  • Jan 05, 2026

Additional nOAuth research indicates that the risk of nOAuth abuse still exists and that many organizations are still unaware of this vulnerability.

Exploiting Ghost SPNs and Kerberos Reflection for SMB Server Privilege Elevation

  • Andrea Pierini
  • Oct 29, 2025

When misconfigured Service Principal Names (SPNs) and default permissions align, attackers can exploit Kerberos reflection to gain SYSTEM-level access remotely. Even with Microsoft’s security update, Ghost SPNs can still haunt you. Learn why.

Uncategorized

Exploiting Ghost SPNs and Kerberos Reflection for SMB Server Privilege Elevation

  • Andrea Pierini
  • Oct 29, 2025

When misconfigured Service Principal Names (SPNs) and default permissions align, attackers can exploit Kerberos reflection to gain SYSTEM-level access remotely. Even with Microsoft’s security update, Ghost SPNs can still haunt you. Learn why.

Improve Hybrid AD Security with Automated Response and Streamlined Administration

  • Eran Gewurtz | Director of Product Management
  • Jul 22, 2025

Service accounts are easy to misconfigure, hard to keep track of, and often forgotten, making them ideal entry points for cyber attackers. Learn how DSP expands your ability to discover, monitor, govern, and protect service accounts.

How to Defend Against Password Guessing Attacks

  • Daniel Petri | Senior Training Manager

Here’s what you need to know about password guessing and how to protect Active Directory—and your organization.

AD security resources

Stay informed. Get the latest news and resources on identity threat detection and response (ITDR), hybrid Active Directory (AD) security, and cyber resilience, brought to you by Semperis experts.