Active Directory Security

Identity Attack Watch: AD Security News, February 2024

  • Semperis Research Team
  • Feb 29, 2024

As cyberattacks targeting Active Directory continue to rise, AD security, identity, and IT teams face mounting pressure to monitor the evolving AD-focused threat landscape. To assist IT professionals in comprehending and preventing attacks that involve AD, the Semperis Research Team publishes a monthly roundup of recent cyberattacks. In this month’s…

Attacking Active Directory: Why Cyber Threats Target AD

  • Darren Mar-Elia
  • Feb 21, 2024

[Updated February 21, 2024; originally published December 14, 2017] Active Directory is the most critical identity system for most enterprises. The problem is that in the two-plus decades since Active Directory was released, the enterprise security landscape has changed drastically. Yet few businesses have adapted their Active Directory environments to…

Understanding the Risks of Pre-Windows 2000 Compatible Access Settings

  • Guido Grillenmeier
  • Feb 14, 2024

[Updated February 14, 2024; originally published November 29, 2021] The number and scope of confusing and risky security settings in Active Directory are becoming better known with every new cyberattack. Many of these vulnerabilities can be attributed to risky configurations that have accumulated in legacy environments over time. But IT…

How to Defend Against an Overpass the Hash Attack

  • Daniel Petri
  • Feb 09, 2024

In the constantly evolving landscape of cyber threats, the Overpass the Hash attack is a potent vector. Leveraging the NTLM authentication protocol, this attack enables adversaries to bypass the need for plaintext passwords. Instead, an Overpass the Hash attack employs a user's hash to authenticate and potentially escalate privileges. As…

Top Active Directory Hardening Strategies

  • Sean Deuby
  • Feb 07, 2024

The most recent Microsoft Digital Defense Report notes that nearly half of all Microsoft Incident Response engagements encountered insecure Active Directory configurations. Mandiant has previously reported that 9 of 10 cyberattacks exploit Active Directory. These sobering statistics are a reminder that enterprises that hope to build a more resilient IT…

MFA for Active Directory: An Overview

  • Sean Deuby
  • Feb 02, 2024

Modern information security is built on a layered defense. Each layer supports the others and presents additional obstacles to threat actors. From patch management to perimeter firewalls, each layer makes it more difficult for attackers to compromise your network. Multifactor authentication (MFA) is one of these layers. MFA has many…

Identity Attack Watch: AD Security News, January 2024

  • Semperis Research Team
  • Jan 31, 2024

As cyberattacks targeting Active Directory continue to rise, AD security, identity, and IT teams face mounting pressure to monitor the evolving AD-focused threat landscape. To assist IT professionals in comprehending and preventing attacks that involve AD, the Semperis Research Team publishes a monthly roundup of recent cyberattacks. In this month’s…

How to Defend Against an NTLM Relay Attack

  • Daniel Petri
  • Jan 26, 2024

The NTLM relay attack poses a significant threat to organizations that use Active Directory. This attack exploits the NT LAN Manager (NTLM) authentication protocol, a challenge-response mechanism used in Windows networks for user authentication. NTLM relay attacks are not just a relic of past security concerns but a present and…