RC4 decommission on your radar? Get free RC4 location queries—and details for implementing them.
Back to blogs listing

Active Directory Security

Categories

Featured Articles

How to Automatically Undo Risky Changes in Active Directory
  • Huy Kha | Senior Identity & Security Architect
AD Security 101: GPO Logon Script Security
  • Daniel Petri | Senior Training Manager
AD Security 101: Non-Default Security Principals with DCSync Rights
  • Daniel Petri | Senior Training Manager

Chat with an expert

Modernize your AD

Request Demo

Download Purple Knight

Free Active Directory Security Assessment

Read more
Ransomware Defense in 2026: What CISOs Need to Know

Ransomware Defense in 2026: What CISOs Need to Know

  • Sean Deuby | Principal Technologist, Americas
  • Dec 23, 2025

The fastest way to turn a cyber incident into a business outage is through identity system compromise. Ransomware continues to exploit that fact—and the consequences are real. Here are practical, board-ready steps CISOs can take to boost resilience when those attacks happen.

Exploiting Ghost SPNs and Kerberos Reflection for SMB Server Privilege Elevation

Exploiting Ghost SPNs and Kerberos Reflection for SMB Server Privilege Elevation

  • Andrea Pierini
  • Oct 29, 2025

When misconfigured Service Principal Names (SPNs) and default permissions align, attackers can exploit Kerberos reflection to gain SYSTEM-level access remotely. Even with Microsoft’s security update, Ghost SPNs can still haunt you. Learn why.

Unlocking Unmatched Identity Resilience: The Semperis-Cohesity Partnership

Unlocking Unmatched Identity Resilience: The Semperis-Cohesity Partnership

  • Chris Salzgeber | Former Product Manager, Integrations

The Semperis-Cohesity partnership is the convergence of two industry leaders, each with singular expertise. With Cohesity Identity Resilience, organizations can be confident that their critical identity systems are secure and recoverable.

How to Secure Service Accounts: Protecting Identity Security’s Achilles’ Heel

How to Secure Service Accounts: Protecting Identity Security’s Achilles’ Heel

  • Ran Harel

Securing service accounts is essential for identity system security, but in practice, it’s prohibitively time- and resource-intensive. Learn why service accounts are a stubborn security gap—and how to close it.

Improve Hybrid AD Security with Automated Response and Streamlined Administration

Improve Hybrid AD Security with Automated Response and Streamlined Administration

  • Eran Gewurtz | Director of Product Management

Service accounts are easy to misconfigure, hard to keep track of, and often forgotten, making them ideal entry points for cyber attackers. Learn how DSP expands your ability to discover, monitor, govern, and protect service accounts.

Golden dMSA: What Is dMSA Authentication Bypass?

Golden dMSA: What Is dMSA Authentication Bypass?

  • Adi Malyanker | Security Researcher

Delegated Managed Service Accounts are designed to revolutionize service account management. But Semperis researchers have discovered a critical design flaw that attackers can exploit for persistence and privilege escalation in AD environments with dMSAs. Learn about Golden dMSA and its risks.

How to Block BadSuccessor: The Good, Bad, and Ugly of dMSA Migration

How to Block BadSuccessor: The Good, Bad, and Ugly of dMSA Migration

  • Jorge de Almeida Pinto

The BadSuccessor privilege escalation technique presents a severe risk to Active Directory environments that use delegated Managed Service Accounts. Learn how blocking dMSA migration prevents attackers from misusing a dMSA to take over an AD domain.

Understanding Identity Security Posture: See the Big Picture of Your Hybrid Environment

Understanding Identity Security Posture: See the Big Picture of Your Hybrid Environment

  • Sean Deuby | Principal Technologist, Americas

Pursuing cybersecurity maturity requires more than flipping a switch. To maintain a strong identity security posture, start by taking a broader look at the complex factors affecting your identity ecosystem.