REGISTER to join us in Charleston for the Hybrid Identity Protection Conference — October 7-9
Back to blogs listing

Active Directory Security

Categories

Featured Articles

How to Automatically Undo Risky Changes in Active Directory
  • Huy Kha | Senior Identity & Security Architect
  • Apr 21, 2025
AD Security 101: GPO Logon Script Security
  • Daniel Petri | Senior Training Manager
AD Security 101: Non-Default Security Principals with DCSync Rights
  • Daniel Petri | Senior Training Manager

Chat with an expert

Modernize your AD

Request Demo

Download Purple Knight

Free Active Directory Security Assessment

Read more
How to Secure Service Accounts: Protecting Identity Security’s Achilles’ Heel

How to Secure Service Accounts: Protecting Identity Security’s Achilles’ Heel

  • Ran Harel
  • Jul 24, 2025

Securing service accounts is essential for identity system security, but in practice, it’s prohibitively time- and resource-intensive. Learn why service accounts are a stubborn security gap—and how to close it.

Improve Hybrid AD Security with Automated Response and Streamlined Administration

Improve Hybrid AD Security with Automated Response and Streamlined Administration

  • Eran Gewurtz | Director of Product Management
  • Jul 22, 2025

Service accounts are easy to misconfigure, hard to keep track of, and often forgotten, making them ideal entry points for cyber attackers. Learn how DSP expands your ability to discover, monitor, govern, and protect service accounts.

Golden dMSA: What Is dMSA Authentication Bypass?

Golden dMSA: What Is dMSA Authentication Bypass?

  • Adi Malyanker | Security Researcher
  • Jul 16, 2025

Delegated Managed Service Accounts are designed to revolutionize service account management. But Semperis researchers have discovered a critical design flaw that attackers can exploit for persistence and privilege escalation in AD environments with dMSAs. Learn about Golden dMSA and its risks.

How to Block BadSuccessor: The Good, Bad, and Ugly of dMSA Migration

How to Block BadSuccessor: The Good, Bad, and Ugly of dMSA Migration

  • Jorge de Almeida Pinto
  • Jul 10, 2025

The BadSuccessor privilege escalation technique presents a severe risk to Active Directory environments that use delegated Managed Service Accounts. Learn how blocking dMSA migration prevents attackers from misusing a dMSA to take over an AD domain.

Understanding Identity Security Posture: See the Big Picture of Your Hybrid Environment

Understanding Identity Security Posture: See the Big Picture of Your Hybrid Environment

  • Sean Deuby | Principal Technologist, Americas
  • Jun 27, 2025

Pursuing cybersecurity maturity requires more than flipping a switch. To maintain a strong identity security posture, start by taking a broader look at the complex factors affecting your identity ecosystem.

How to Defend Against Password Guessing Attacks

How to Defend Against Password Guessing Attacks

  • Daniel Petri | Senior Training Manager
  • Jun 13, 2025

Here’s what you need to know about password guessing and how to protect Active Directory—and your organization.

BadSuccessor: How to Detect and Mitigate dMSA Privilege Escalation

BadSuccessor: How to Detect and Mitigate dMSA Privilege Escalation

  • Semperis Team
  • Jun 05, 2025

The BadSuccessor Active Directory attack technique exploits a dangerous Windows Server 2025 vulnerability. Learn how DSP indicators of exposure and compromise enable you to proactively halt malicious activity.

What is Identity Attack Surface Management?

What is Identity Attack Surface Management?

  • Daniel Petri | Senior Training Manager
  • May 23, 2025

A specialized identity attack surface management (IASM) practice is not optional. It’s a fundamental necessity for organizations that rely on identity services like Active Directory.