Active Directory Security
Categories
- Active Directory Backup & Recovery (63)
- Active Directory Security (216)
- AD Security 101 (17)
- Community Tools (19)
- Directory Modernization (9)
- From the Front Lines (69)
- Hybrid Identity Protection (68)
- Identity Attack Catalog (29)
- Identity Threat Detection & Response (144)
- Our Mission: Be a Force for Good (14)
- Purple Knight (5)
- Semperis University (2)
- The CISO's Perspective (16)
- Threat Research (68)
AD Security: How to Use Delegation of User Management and Windows Password Options
- Guido Grillenmeier
- Apr 29, 2025
Permission delegation in Active Directory can be complex. Learn how you can use Windows password options with delegation management to support your user management structure without sacrificing AD security.
How to Automatically Undo Risky Changes in Active Directory
- Huy Kha | Senior Identity & Security Architect
- Apr 21, 2025
For most organizations, manually auditing and rolling back every risky Active Directory change isn’t practical—or even possible. Discover how the Auto Undo feature in DSP works to automate change mitigation to protect sensitive AD and Entra ID objects and attributes.
Pass the Hash Attack Explained
- Huy Kha | Senior Identity & Security Architect
- Apr 09, 2025
Cyber attackers can choose from numerous credential compromise methods to gain access to Active Directory. The Pass the Hash attack is one that is stealthy and efficient.
Hospital Cyberattacks Highlight Importance of Active Directory Security
- Michael Choo
- Mar 24, 2025
Two back-to-back incidents—part of a global increase in cyberattacks on healthcare organizations—followed common pathways to exploit AD security vulnerabilities.
Introduction to Identity Forensics & Incident Response (IFIR)
- Huy Kha | Senior Identity & Security Architect
- Mar 21, 2025
From my experience at Microsoft Detection and Response Team (DART), I know that ransomware operators almost always target high-privileged identities. Once attackers gain control, they use those identities to spread ransomware; for example, through Group Policy or PsExec. Ransomware attacks are usually loud and destructive, aiming to cause maximum impact…
Leveraging NIST CSF for Public Sector Cybersecurity
- Edward Amoroso
- Mar 18, 2025
[Editor’s note: This article is a guest post by TAG CEO and founder Ed Amoroso.] Cybersecurity practitioners working for federal agencies in the United States know that they must learn to decode various acronyms such as FedRAMP, FISMA, RMF, and on and on. They must do so because the standards…
LDAP Reconnaissance Explained
- Huy Kha | Senior Identity & Security Architect
- Mar 06, 2025
Lightweight Directory Access Protocol (LDAP) reconnaissance is an approach that enables attackers to discover valuable details about an organization, such as user accounts, groups, computers, and privileges. Learn how to detect LDAP reconnaissance and how cyberattackers can use this method as part of an attempt to compromise your environment. What…
Effective GPO Change Auditing with Directory Services Protector
- Huy Kha | Senior Identity & Security Architect
- Mar 01, 2025
Tracking Group Policy changes can be tricky, especially in large environments with numerous Group Policy Objects (GPOs) linked to different organizational units (OUs). Yet GPO change auditing is a vital part of effective cybersecurity. Without proper visibility, critical changes—whether due to accidental misconfigurations or malicious activity—can easily slip under the…
