World Premiere of Midnight in the War Room to be hosted at Black Hat Vegas
Back to blogs listing

Active Directory Security

Categories

Featured Articles

How to Automatically Undo Risky Changes in Active Directory
  • Huy Kha | Senior Identity & Security Architect
AD Security 101: GPO Logon Script Security
  • Daniel Petri | Senior Training Manager
AD Security 101: Non-Default Security Principals with DCSync Rights
  • Daniel Petri | Senior Training Manager

Chat with an expert

Modernize your AD

Request Demo

Download Purple Knight

Free Active Directory Security Assessment

Read more
SyncJacking: Hard Matching Vulnerability Enables Entra ID Account Takeover

SyncJacking: Hard Matching Vulnerability Enables Entra ID Account Takeover

  • Tomer Nahum
  • Jan 13, 2026

Attackers with certain privileges can abuse Entra Connect hard matching synchronization to take over synchronized Entra ID accounts.

Best Cybersecurity Conferences for Identity Security Professionals in 2026

Best Cybersecurity Conferences for Identity Security Professionals in 2026

  • Semperis
  • Dec 30, 2025

For anyone safeguarding hybrid identity systems, continuous learning and cyber community engagement are critical. Here are our top picks for conferences that deliver a laser-focus on identity security—and the technical knowledge you need to stay ahead of threats.

What CISOs Need to Know About Fighting Ransomware in 2026

What CISOs Need to Know About Fighting Ransomware in 2026

  • Sean Deuby | Principal Technologist, Americas
  • Dec 23, 2025

The fastest way to turn a cyber incident into a business outage is through identity system compromise. Ransomware continues to exploit that fact—and the consequences are real. Here are practical, board-ready steps CISOs can take to boost resilience when those attacks happen.

Exploiting Ghost SPNs and Kerberos Reflection for SMB Server Privilege Elevation

Exploiting Ghost SPNs and Kerberos Reflection for SMB Server Privilege Elevation

  • Andrea Pierini
  • Oct 29, 2025

When misconfigured Service Principal Names (SPNs) and default permissions align, attackers can exploit Kerberos reflection to gain SYSTEM-level access remotely. Even with Microsoft’s security update, Ghost SPNs can still haunt you. Learn why.

Unlocking Unmatched Identity Resilience: The Semperis-Cohesity Partnership

Unlocking Unmatched Identity Resilience: The Semperis-Cohesity Partnership

  • Chris Salzgeber | Product Manager, Integrations
  • Sep 17, 2025

The Semperis-Cohesity partnership is the convergence of two industry leaders, each with singular expertise. With Cohesity Identity Resilience, organizations can be confident that their critical identity systems are secure and recoverable.

How to Secure Service Accounts: Protecting Identity Security’s Achilles’ Heel

How to Secure Service Accounts: Protecting Identity Security’s Achilles’ Heel

  • Ran Harel
  • Jul 24, 2025

Securing service accounts is essential for identity system security, but in practice, it’s prohibitively time- and resource-intensive. Learn why service accounts are a stubborn security gap—and how to close it.

Improve Hybrid AD Security with Automated Response and Streamlined Administration

Improve Hybrid AD Security with Automated Response and Streamlined Administration

  • Eran Gewurtz | Director of Product Management
  • Jul 22, 2025

Service accounts are easy to misconfigure, hard to keep track of, and often forgotten, making them ideal entry points for cyber attackers. Learn how DSP expands your ability to discover, monitor, govern, and protect service accounts.

Golden dMSA: What Is dMSA Authentication Bypass?

Golden dMSA: What Is dMSA Authentication Bypass?

  • Adi Malyanker | Security Researcher
  • Jul 16, 2025

Delegated Managed Service Accounts are designed to revolutionize service account management. But Semperis researchers have discovered a critical design flaw that attackers can exploit for persistence and privilege escalation in AD environments with dMSAs. Learn about Golden dMSA and its risks.