Featured posts
- Semperis Team
- Jun 05, 2025
Categories
- Daniel Petri | Senior Training Manager
- Jun 13, 2025
- Huy Kha | Senior Identity & Security Architect
- Apr 21, 2025
- Guido Grillenmeier | Principal Technologist, EMEA
- Apr 29, 2025
Latest posts
- Sean Deuby | Principal Technologist, Americas
- Jun 27, 2025
- Eric Woodruff
- Jun 25, 2025
- Daniel Petri | Senior Training Manager
- Jun 13, 2025
- Semperis Team
- Jun 05, 2025
- Daniel Petri | Senior Training Manager
- May 23, 2025
- Huy Kha | Senior Identity & Security Architect
- May 20, 2025
- Huy Kha | Senior Identity & Security Architect
- May 15, 2025
- Huy Kha | Senior Identity & Security Architect
- May 13, 2025
Categories
Active Directory Backup & Recovery
ADFR Azure Cloud Backup: Resilience, Security, and Integrity for AD Backups
- Tim Springston
- May 08, 2025
The ability to recover business operations quickly from a cyberattack is critical for business resilience—and central to the mission of Active Directory Forest Recovery. Azure Cloud Backup ensures your AD backups are secure, immutable, and ready for rapid recovery.
Active Directory Forest Recovery Raises the Bar on Identity Cyber Resilience
- Darren Mar-Elia | VP of Products
- Apr 18, 2025
As cyberattacks increasingly target Active Directory—used by 90% of businesses worldwide—identity system recovery has become a critical priority for most organizations. Semperis has added capabilities in Active Directory Forest Recovery (ADFR) that build on our years-long foundation of cyber-first Active Directory recovery, which continues to be a key differentiator in…
Introduction to Identity Forensics & Incident Response (IFIR)
- Huy Kha | Senior Identity & Security Architect
- Mar 21, 2025
From my experience at Microsoft Detection and Response Team (DART), I know that ransomware operators almost always target high-privileged identities. Once attackers gain control, they use those identities to spread ransomware; for example, through Group Policy or PsExec. Ransomware attacks are usually loud and destructive, aiming to cause maximum impact…
Active Directory Security
Understanding Identity Security Posture: See the Big Picture of Your Hybrid Environment
- Sean Deuby | Principal Technologist, Americas
- Jun 27, 2025
Pursuing cybersecurity maturity requires more than flipping a switch. To maintain a strong identity security posture, start by taking a broader look at the complex factors affecting your identity ecosystem.
How to Defend Against Password Guessing Attacks
- Daniel Petri | Senior Training Manager
- Jun 13, 2025
Here’s what you need to know about password guessing and how to protect Active Directory—and your organization.
BadSuccessor: How to Detect and Mitigate dMSA Privilege Escalation
- Semperis Team
- Jun 05, 2025
The BadSuccessor Active Directory attack technique exploits a dangerous Windows Server 2025 vulnerability. Learn how DSP indicators of exposure and compromise enable you to proactively halt malicious activity.
AD Security 101
How to Defend Against a Password Spraying Attack
- Daniel Petri | Senior Training Manager
Active Directory remains a critical infrastructure component for managing network resources, login credentials, and user authentication. Yet its centrality makes it a prime target for cyberattacks. One such evolving cyberattack is password spraying, a threat that’s gained in complexity in recent years. Password spraying attacks stand out due to their…
How to Defend Against SID History Injection
- Daniel Petri | Senior Training Manager
Security Identifier (SID) History injection is a sophisticated cyberattack vector that targets Windows Active Directory environments. This attack exploits the SID History attribute, which is intended to maintain user access rights during migrations from one domain to another. By injecting malicious SID values into this attribute, an attacker can escalate…
LDAP Injection Attack Defense: AD Security 101
- Daniel Petri | Senior Training Manager
LDAP injection represents a formidable cyberattack vector, targeting the authentication and authorization mechanisms within your Active Directory environment. By exploiting improper input validation, attackers can manipulate LDAP statements and potentially gain unauthorized access to your directory service. Semperis cybersecurity and identity security experts have a deep understanding of LDAP injection,…
Community Tools
Hello, My Name Is Domain Admin
- Mickey Bresman
My friends know I’m a movie buff. Being also a mixed martial enthusiast, one of my all-time favorites is Fight Club, based on Chuck Palahniuk’s first novel. The story is about an identity crisis: rebelling against consumerism, trying to find truth and meaning in life, and becoming a “real” person…
Strengthening Cyber Incident Response with Forest Druid
- Huy Kha | Senior Identity & Security Architect
Forest Druid is a free cyber attack path discovery tool for hybrid identity environments, such as Active Directory and Entra ID. Unlike traditional tools that map attack paths from the external perimeter inwards, Forest Druid focuses on protecting the most critical assets first. This method prioritizes identifying and securing Tier…
Purple Knight Scoring Improves Understanding of Identity System Security Vulnerabilities
- Ran Harel
Our latest Purple Knight (PK) v4.2 release introduces fundamental changes, particularly concerning the new scoring calculation. Changing from a broader approach that considered all indicators, we’ve now zeroed in on the “failed” indicators, those that highlight genuine security threats in your environment. This shift aims to ensure that the overall…
Directory Modernization
Security-Centric Active Directory Migration and Consolidation
- Michael Masciulli
Enterprise organizations with legacy Active Directory (AD) environments have a security problem. Their AD infrastructure has likely degraded over time and now harbors multiple security vulnerabilities because of inefficient architecture, multiple misconfigurations, and poorly secured legacy applications. Yet Active Directory migration and consolidation, especially involving a sprawling AD infrastructure, is…
Active Directory Migration: 15 Steps to Success
- Daniel Petri | Senior Training Manager
Active Directory (AD) migration projects can be challenging and complex. Such projects involve the migration of users, groups, computers, and applications from one AD domain or forest to another. Careful planning and execution can help your migration team complete a successful AD migration, with minimal disruption to end users and…
Why AD Modernization Is Critical to Your Cybersecurity Program
- Mickey Bresman
Active Directory (AD) is the core identity store for many organizations. As such, AD has also become a major target for bad actors. If attackers gain access to AD, they gain access to any resources in the organization. In a hybrid on-prem/cloud scenario, which is common today, that includes access…
From the Front Lines
Hello, My Name Is Domain Admin
- Mickey Bresman
My friends know I’m a movie buff. Being also a mixed martial enthusiast, one of my all-time favorites is Fight Club, based on Chuck Palahniuk’s first novel. The story is about an identity crisis: rebelling against consumerism, trying to find truth and meaning in life, and becoming a “real” person…
New Ransomware Statistics Reveal Increased Need for Active Directory Security and Resilience
- Mickey Bresman
By now, we’re all familiar with the need for an “assume breach” mindset where ransomware and other cyber threats are concerned. To better understand the necessity and challenges of this approach, we partnered with international market research firm Censuswide to ask organizations about their experience with ransomware attacks. What we…
LockBit, Law Enforcement, and You
- Mickey Bresman
Another day, another installment in the LockBit saga. The latest development in the never-ending story of cyber-criminal gangs versus law enforcement agencies is nearly worthy of its own TV series. But what does it mean for you—the person who must defend your organization and maintain its ability to operate amidst…
Hybrid Identity Protection
Understanding Identity Security Posture: See the Big Picture of Your Hybrid Environment
- Sean Deuby | Principal Technologist, Americas
- Jun 27, 2025
Pursuing cybersecurity maturity requires more than flipping a switch. To maintain a strong identity security posture, start by taking a broader look at the complex factors affecting your identity ecosystem.
Microsoft Entra Connect Compromise Explained
- Huy Kha | Senior Identity & Security Architect
- Mar 28, 2025
In hybrid identity environments, attackers that manage to breach either the on-premises Active Directory or cloud-based Entra ID typically attempt to expand their reach throughout your identity environment. If your identity infrastructure includes Entra ID, make sure you understand how to detect and defend against Entra Connect compromise. What is…
Introduction to Identity Forensics & Incident Response (IFIR)
- Huy Kha | Senior Identity & Security Architect
- Mar 21, 2025
From my experience at Microsoft Detection and Response Team (DART), I know that ransomware operators almost always target high-privileged identities. Once attackers gain control, they use those identities to spread ransomware; for example, through Group Policy or PsExec. Ransomware attacks are usually loud and destructive, aiming to cause maximum impact…
Identity Attack Catalog
How to Defend Against Password Guessing Attacks
- Daniel Petri | Senior Training Manager
- Jun 13, 2025
Here’s what you need to know about password guessing and how to protect Active Directory—and your organization.
Group Policy Preferences Abuse Explained
- Huy Kha | Senior Identity & Security Architect
- May 13, 2025
The Group Policy Preferences feature provides a well-known pathway for cyber attackers to discover easily decoded passwords in Active Directory. Learn to spot and defend against this vulnerability.
ESC1 Attack Explained
- Huy Kha | Senior Identity & Security Architect
- May 01, 2025
Discover how certificate template misconfigurations in Active Directory Certificate Services (AD CS) enable ESC1 attacks—allowing cyber attackers to rapidly escalate privileges and potentially compromise entire networks.
Identity Threat Detection & Response
Understanding Identity Security Posture: See the Big Picture of Your Hybrid Environment
- Sean Deuby | Principal Technologist, Americas
- Jun 27, 2025
Pursuing cybersecurity maturity requires more than flipping a switch. To maintain a strong identity security posture, start by taking a broader look at the complex factors affecting your identity ecosystem.
nOAuth Abuse Alert: Full Account Takeover of Entra Cross-Tenant SaaS Applications
- Eric Woodruff
- Jun 25, 2025
Key findings The nOAuth vulnerability exposes a critical authentication flaw in vulnerable software-as-a-service (SaaS) applications. With only access to an Entra tenant—a low barrier—and the target user’s email address, an attacker can take over that user’s account in the vulnerable application. From there, the attacker can access all the data…
How to Defend Against Password Guessing Attacks
- Daniel Petri | Senior Training Manager
- Jun 13, 2025
Here’s what you need to know about password guessing and how to protect Active Directory—and your organization.
Our Mission: Be a Force for Good
Duns 100 Ranks Semperis in Top 15 to Work For
- Yarden Gur
This month marked two milestones for Semperis. First, Deloitte recognized the company as one of the 100 fastest growing technology companies in North America and (for the third consecutive year) one of the top 10 fastest-growing tech companies in the greater New York area. Then, the company was listed for…
What It Means to be a Mission-Driven Company
- Mickey Bresman
On behalf of the entire team, I’m excited to share that Semperis has been named to Inc.’s 2022 list of Best Workplaces. This annual list honors workplaces that are ranked highly by their employees on topics like benefits, trust in senior leadership, change management, and career development. I could not…
Hybrid Identity Protection: IDPro Founder Ian Glazer
- Sean Deuby | Principal Technologist, Americas
You won’t want to miss the newest episode of the Hybrid Identity Podcast (HIP)! In this session, I have the pleasure of talking with IDPro founder and Salesforce Senior VP of Identity Product Management Ian Glazer. What’s new at IDPro? IDPro has become the organization for identity pros looking for…
Purple Knight
Purple Knight Scoring Improves Understanding of Identity System Security Vulnerabilities
- Ran Harel
Our latest Purple Knight (PK) v4.2 release introduces fundamental changes, particularly concerning the new scoring calculation. Changing from a broader approach that considered all indicators, we’ve now zeroed in on the “failed” indicators, those that highlight genuine security threats in your environment. This shift aims to ensure that the overall…
Semperis Offers New Protection Against Okta Breaches
- Semperis Research Team
In an ever-evolving digital landscape, organizations rely on robust identity protection solutions to safeguard sensitive data and maintain secure operations. For most enterprise businesses, that means protecting Active Directory and Entra ID (formerly Azure AD). But identity protection is just as vital for organizations that use Okta, a cloud-based identity…
How to Prevent a Man-in-the-Middle Attack: AD Security 101
- Daniel Petri | Senior Training Manager
A man-in-the-middle attack, also known as an MitM attack, is a form of eavesdropping in an attempt to steal sensitive data, such as user credentials. These attacks can pose a serious threat to organizations’ network security, particularly in environments that use Microsoft Active Directory (AD) for identity management. As Active…
Semperis University
BadSuccessor: How to Detect and Mitigate dMSA Privilege Escalation
- Semperis Team
- Jun 05, 2025
The BadSuccessor Active Directory attack technique exploits a dangerous Windows Server 2025 vulnerability. Learn how DSP indicators of exposure and compromise enable you to proactively halt malicious activity.
Exploiting the Intruder’s Dilemma for Active Directory Defense
- Huy Kha | Senior Identity & Security Architect
- May 20, 2025
Can you create an AD defense that exploits intruder attack techniques? Learn how to selectively use an attacker’s own methods to detect and expel them.
Defending Against Cable: Prevent Malicious Use of Post-Exploitation Tool
- Huy Kha | Senior Identity & Security Architect
- May 06, 2025
Post-exploitation tools—such as Cable, the Active Directory-specific pentesting tool—are meant to educate security teams. But attackers use them too. Here’s how to detect and defend against malicious use of the Cable tool.
The CISO’s Perspective
Hello, My Name Is Domain Admin
- Mickey Bresman
My friends know I’m a movie buff. Being also a mixed martial enthusiast, one of my all-time favorites is Fight Club, based on Chuck Palahniuk’s first novel. The story is about an identity crisis: rebelling against consumerism, trying to find truth and meaning in life, and becoming a “real” person…
New Ransomware Statistics Reveal Increased Need for Active Directory Security and Resilience
- Mickey Bresman
By now, we’re all familiar with the need for an “assume breach” mindset where ransomware and other cyber threats are concerned. To better understand the necessity and challenges of this approach, we partnered with international market research firm Censuswide to ask organizations about their experience with ransomware attacks. What we…
DORA Compliance and ITDR
- Daniel Lattimer | Area Vice President – EMEA West
Organisations in the financial services sector in the European Union (EU) have less than a year to demonstrate Digital Operational Resilience Act (DORA) compliance. What is DORA, does it apply to your organisation, and how does DORA compliance intersect with one of today’s major cybersecurity concerns: identity threat detection and…
Threat Research
nOAuth Abuse Alert: Full Account Takeover of Entra Cross-Tenant SaaS Applications
- Eric Woodruff
- Jun 25, 2025
Key findings The nOAuth vulnerability exposes a critical authentication flaw in vulnerable software-as-a-service (SaaS) applications. With only access to an Entra tenant—a low barrier—and the target user’s email address, an attacker can take over that user’s account in the vulnerable application. From there, the attacker can access all the data…
LDAP Reconnaissance Explained
- Huy Kha | Senior Identity & Security Architect
- Mar 06, 2025
Lightweight Directory Access Protocol (LDAP) reconnaissance is an approach that enables attackers to discover valuable details about an organization, such as user accounts, groups, computers, and privileges. Learn how to detect LDAP reconnaissance and how cyberattackers can use this method as part of an attempt to compromise your environment. What…
Group Policy Abuse Explained
- Huy Kha | Senior Identity & Security Architect
- Feb 27, 2025
Group Policy is a key configuration and access management feature in the Windows ecosystem. The breadth and level of control embodied in Group Policy Objects (GPOs) within Active Directory make Group Policy abuse a popular method for attackers who want to establish or strengthen a foothold in your environment. Here’s…
Uncategorized
How to Defend Against Password Guessing Attacks
- Daniel Petri | Senior Training Manager
- Jun 13, 2025
Here’s what you need to know about password guessing and how to protect Active Directory—and your organization.
AD security resources
Stay informed. Get the latest news and resources on identity threat detection and response (ITDR), hybrid Active Directory (AD) security, and cyber resilience, brought to you by Semperis experts.
Experience a personalized demo
Request a demo and one of our product experts will give you a spin of our solutions.
