Active Directory Security
Categories
- Active Directory Backup & Recovery (56)
- Active Directory Security (178)
- AD Security 101 (15)
- Community Tools (17)
- Directory Modernization (9)
- From the Front Lines (67)
- Hybrid Identity Protection (60)
- Identity Attack Catalog (9)
- Identity Threat Detection & Response (121)
- Our Mission: Be a Force for Good (14)
- Purple Knight (5)
- The CISO's Perspective (13)
- Threat Research (47)
- Uncategorized (1)
Semperis introduces tools to improve security resiliency of Windows Active Directory
- Byron Acohido
- Apr 16, 2020
Ransomware continues to endure as a highly lucrative criminal enterprise. Ransomware hacking groups extorted at least $144.35 million from U.S. organizations between January 2013 and July 2019. That’s the precise figure recently disclosed by the FBI — the true damage is almost certainly a lot steeper, given only a portion of cyber…
How To Prepare For Cyberwar: It Starts With Identity
- Mickey Bresman
- Mar 24, 2020
Cyberattacks are rapidly evolving in sophistication and scale. The line between the digital and the physical realm has become more blurred. Foreign cyberattackers have used destructive malware to erase data from hard drives and made moves to infiltrate industrial systems. They could make equally damaging moves in the future, given recent political…
Upgrading to WS2016/2019? Consider a Safety Net for AD
- Sean Deuby
- Nov 22, 2019
A colleague here at Semperis recently looped me into a conversation with the manager of a large Active Directory environment running on Windows Server 2008 R2. With end of support for Windows Server 2008 and 2008 R2 coming up soon (officially January 14, 2020), planning is well underway for upgrade…
Toughen Up Your AD
- Edward Amoroso
- Oct 18, 2019
Request for Comments (RFC) 1823 from August 1995 introduced the Lightweight Directory Access Protocol (LDAP) Application Programming Interface (API). One could argue that this important work served as the foundation for modern identity management. And yet, surprisingly, the word identity does not appear even once in the entire RFC. (The word directory shows up…
Why Most Organizations Still Can’t Defend Against DCShadow – Part 2
- Darren Mar-Elia
- Aug 26, 2019
In part 1 of this blog post, I talked about the threat that DCShadow poses to organizations that use Microsoft Active Directory (AD). Here in part 2, I’ll talk about steps you can take to protect your organization. (Quick recap: DCShadow is a feature of the Mimikatz post-exploitation tool that…
Why Most Organizations Still Can’t Defend against DCShadow
- Darren Mar-Elia
- Jul 16, 2019
DCShadow is a readily available technique that allows an attacker to establish persistent privileged access in Microsoft Active Directory (AD). Specifically, DCShadow allows an attacker with privileged access to create and edit arbitrary objects in AD without anyone knowing. This allows the attacker to create backdoors all over AD that…
Group Policy Security– Tinkering with External Paths
- Darren Mar-Elia
- Mar 05, 2019
If you’ve been following this blog, you know that about 2 and half years ago, I started talking about Group Policy’s precarious role in the typical enterprise’s security posture. Many, if not most, AD shops use GP to perform security hardening on their Windows desktops and servers. This includes everything…
NotPetya, the Russian Wiper
- Steve Mackay
- Dec 19, 2018
You know Petya, and Sandworm, and Spyware, and Rootkits. Mimikatz and WannaCry, and backdoors and botnets.But do you recall....... the most damaging attack of all?....NotPetya the Russian Wiper, had a very nasty bite.And if you ever saw it, you would even say “Good Night!”.All of the other malware’s... used to…
