Active Directory Backup & Recovery

NotPetya Flashback: The Latest Supply-Chain Attack Puts Active Directory at Risk of Compromise

  • Chris Roberts
  • Dec 15, 2020

Last week, news broke that a sophisticated adversary penetrated FireEye's network and stole the company's Red Team assessment tools. The attack is reportedly linked to a larger supply-chain assault that struck government, consulting, technology, and telecom organizations throughout North America, Europe, Asia, and the Middle East. To get an idea of what this stolen toolset…

Egregor Ransomware Attack on Kmart is a Reminder that Active Directory Needs to Be Protected and Recoverable

  • Darren Mar-Elia
  • Dec 04, 2020

The latest ransomware-as-a-service attack leaves the well-known retailer, Kmart, with service outages and a compromised Active Directory. In the wake of Maze ransomware "retiring" last month, many of its affiliates have moved to the new kid on the ransomware block, Egregor. Named after an occult term meaning the collective energy or force…

The Stakes Are Higher in Healthcare: Fighting Cybercrime During a Pandemic

  • Gil Kirkpatrick
  • Nov 18, 2020

In the healthcare industry, cybersecurity issues have consequences that go well beyond the loss of data. Recently, the FBI and other federal agencies warned of a credible threat of "increased and imminent cybercrime" to U.S. hospitals and healthcare providers. Criminal groups target the healthcare sector to carry out "data theft…

The Weaponization of Active Directory: An Inside Look at Ransomware Attacks Ryuk, Maze, and SaveTheQueen

  • Thomas Leduc
  • Oct 02, 2020

Like never before, Active Directory (AD) is in the attackers’ crosshairs. In this blog, we'll examine how ransomware attacks are abusing AD and how enterprises can evolve their defensive strategies to stay ahead of attackers. First, a quick note about the recent privilege escalation vulnerability dubbed Zerologon, which allows an unauthenticated attacker with network access to…

Takeaways from Zerologon: The Latest Domain Controller Attack

  • Thomas Leduc
  • Sep 21, 2020

If there was ever a time to re-examine the security of your Active Directory, it’s now. In response to rising concerns about the notorious Zerologon vulnerability (CVE-2020-1472), the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an "Emergency Directive" to federal agencies to apply Microsoft's patch immediately. Enterprises would…

Why I’m Hanging Out With the Semperis Crew

  • Chris Roberts
  • Jul 28, 2020

Let's start with a little history lesson... Back in 2014, there were a series of articles calling for the dismantling and death of Active Directory (AD) for various reasons. Fast forward to 2018, and we made calls for its demise, or simply that companies should take their AD servers, throw…

The Dos and Don’ts of AD Recovery

  • Gil Kirkpatrick
  • Jun 30, 2020

Last month I was able to catch up with my long-time friend Guido Grillenmeier, who is currently Chief Technologist at DXC Technology. In 2007-2008, Guido and I worked together, developing and delivering the “Active Directory Masters of Disaster” disaster recovery workshops at the Directory Experts Conference. It was, at the…

How To Prepare For Cyberwar: It Starts With Identity

  • Mickey Bresman
  • Mar 24, 2020

Cyberattacks are rapidly evolving in sophistication and scale. The line between the digital and the physical realm has become more blurred. Foreign cyberattackers have used destructive malware to erase data from hard drives and made moves to infiltrate industrial systems. They could make equally damaging moves in the future, given recent political…