Semperis Blog

Insights From Thought Leaders Around The Globe

The digital identities of modern enterprises exist in a dynamic environment. Read thought leadership from experts worldwide regarding the constantly changing global IT environment and insights for keeping up with growing demands, and securing against escalating threats and vulnerabilities.

WannaCry, NotPetya, MBR-ONI and Friends: Tales of Wiper Attacks and Active Directory Destruction

Ransomware attacks on enterprises are escalating both in frequency and complexity. Many in the security space believe that WannaCry and NotPetya were only a sample of what’s coming. Increasingly, Active Directory (AD) is at the center of cyberattacks, with wipers like MBR-ONI utilizing AD to maximize the attack reach and, in some cases, wipers like … Read More

Kerberos at the Company Party

Back in 1999, I wrote a book on Windows 2000 Server in general, and Active Directory in particular. I try not to look back at what I wrote about AD back then compared to what I know now, but I remain fond of a passage that explained how the Kerberos security protocol works – using … Read More

Attacking Active Directory: Tools and Techniques for Using your AD Against You

The Problem with Active Directory Since it was introduced in 2000, Active Directory has become the most critical application for the majority of enterprises. The problem is, that in the almost two decades since it was released, the enterprise security landscape has changed drastically and businesses have not adapted their Active Directory environment to meet … Read More

Hiding in Plain Sight — Discovering Hidden Active Directory Objects

At our recent Hybrid Identity Protection Conference, several of us spoke about the increasing use of Active Directory as a subject of interest in malware attacks. Whether it’s mining AD for information about privileged access, compromising user accounts that lead to increasing levels of privilege in AD, or purposefully targeting AD domain controllers with ransomware, … Read More

How Do I Protect Against Ransomware?

Guest column by Joseph Carson, Chief Security Scientist at Thycotic. “Ransomware” is on the rise using “targeted phishing attacks” and is being used for financial blackmail and poison or corrupt data. No one is excluded from these threats and no company or individual is too small to be a target. Ransomware has become such a … Read More

Maintaining Information Security Compliance Through Active Directory Services

Now more than ever, technology and compliance teams need to work together to protect the integrity of their organizations. Sensitive information is stored and transferred in digital form and associated regulations are becoming increasingly strict and complex. While compliance is responsible for identifying the regulations which pertain to information security, technology teams must identify and … Read More

5 Security Policies Every CISO Must Enforce Now

Guest column by Joseph Carson, Chief Security Scientist at Thycotic. Chief Information Security Officers, CISOs, bear some of the heftiest weights on their shoulders of anyone in an organization. Single-handedly, depending on their security policies and the enforcement of them, they can be responsible for the success or downfall of an entire company. It is, … Read More