Hybrid Identity Protection

Understanding Identity Security Posture: See the Big Picture of Your Hybrid Environment

Understanding Identity Security Posture: See the Big Picture of Your Hybrid Environment

  • Sean Deuby | Principal Technologist, Americas
  • Jun 27, 2025

Pursuing cybersecurity maturity requires more than flipping a switch. To maintain a strong identity security posture, start by taking a broader look at the complex factors affecting your identity ecosystem.

Microsoft Entra Connect Compromise Explained

Microsoft Entra Connect Compromise Explained

  • Huy Kha | Senior Identity & Security Architect
  • Mar 28, 2025

In hybrid identity environments, attackers that manage to breach either the on-premises Active Directory or cloud-based Entra ID typically attempt to expand their reach throughout your identity environment. If your identity infrastructure includes Entra ID, make sure you understand how to detect and defend against Entra Connect compromise. What is…

Introduction to Identity Forensics & Incident Response (IFIR)

Introduction to Identity Forensics & Incident Response (IFIR)

  • Huy Kha | Senior Identity & Security Architect
  • Mar 21, 2025

From my experience at Microsoft Detection and Response Team (DART), I know that ransomware operators almost always target high-privileged identities. Once attackers gain control, they use those identities to spread ransomware; for example, through Group Policy or PsExec. Ransomware attacks are usually loud and destructive, aiming to cause maximum impact…

LDAP Reconnaissance Explained

LDAP Reconnaissance Explained

  • Huy Kha | Senior Identity & Security Architect
  • Mar 06, 2025

Lightweight Directory Access Protocol (LDAP) reconnaissance is an approach that enables attackers to discover valuable details about an organization, such as user accounts, groups, computers, and privileges. Learn how to detect LDAP reconnaissance and how cyberattackers can use this method as part of an attempt to compromise your environment. What…

Group Policy Abuse Explained

Group Policy Abuse Explained

  • Huy Kha | Senior Identity & Security Architect
  • Feb 27, 2025

Group Policy is a key configuration and access management feature in the Windows ecosystem. The breadth and level of control embodied in Group Policy Objects (GPOs) within Active Directory make Group Policy abuse a popular method for attackers who want to establish or strengthen a foothold in your environment. Here's…

AS-REP Roasting Explained

AS-REP Roasting Explained

  • Huy Kha | Senior Identity & Security Architect
  • Jan 25, 2025

Authentication Server Response (AS-REP) Roasting enables attackers to request encrypted authentication responses for accounts in Active Directory that have Kerberos pre-authentication disabled. AS-REP Roasting is one of the Active Directory threats that cybersecurity agencies in the Five Eyes alliance warn about in the recent report, Detecting and Mitigating Active Directory…

LDAPNightmare Explained

LDAPNightmare Explained

  • Eric Woodruff
  • Jan 13, 2025

LDAPNightmare, recently published by SafeBreach Labs, is a proof-of-concept exploit of a known Windows Lightweight Directory Access Protocol (LDAP) denial-of-service vulnerability (CVE-2024-49113). What is LDAPNightmare, how dangerous is this exploit, and how can you detect and defend against it? What is LDAPNightmare? The December 2024 Windows update - published by…

Why Upgrade to Lighting Intelligence from Purple Knight

Why Upgrade to Lighting Intelligence from Purple Knight

  • Huy Kha | Senior Identity & Security Architect

For organizations of any size, managing hybrid identity security across on-premises and cloud environments can be challenging. Purple Knight has long been trusted to expose risky misconfigurations. Now, Semperis—the identity security experts behind Purple Knight—offer Lightning Intelligence, a SaaS security-posture assessment tool that automates scanning to provide continuous monitoring without…