Identity Attack Catalog
Categories
- Active Directory Backup & Recovery (59)
- Active Directory Security (189)
- AD Security 101 (17)
- Community Tools (17)
- Directory Modernization (9)
- From the Front Lines (67)
- Hybrid Identity Protection (60)
- Identity Attack Catalog (12)
- Identity Threat Detection & Response (125)
- Our Mission: Be a Force for Good (14)
- Purple Knight (5)
- The CISO's Perspective (14)
- Threat Research (48)
- Uncategorized (1)
How to Defend Against SPN Scanning in Active Directory
- Daniel Petri | Senior Training Manager
- Jul 12, 2024
Service Principal Name (SPN) scanning is a reconnaissance technique that attackers use in Active Directory environments. This method enables attackers to discover valuable services and associated accounts, which can be potential targets for further attacks such as Kerberoasting. Related reading: Protect Active Directory against Kerberoasting What is SPN scanning? Understanding…
How to Defend Against Password-Spraying Attacks
- Daniel Petri | Senior Training Manager
- Jun 16, 2024
In the ever-evolving and complex cybersecurity landscape, Active Directory remains a critical infrastructure component for managing network resources and user authentication. However, its centrality also makes it a prime target for attackers. Among these, the password-spraying attacks stand out due to their stealthy nature and potentially high impact. This article…
How to Defend Against SID History Injection
- Daniel Petri | Senior Training Manager
- May 03, 2024
Security Identifier (SID) History injection is a sophisticated cyberattack vector that targets Windows Active Directory environments. This attack exploits the SID History attribute, which is intended to maintain user access rights during migrations from one domain to another. By injecting malicious SID values into this attribute, an attacker can escalate…
LDAP Injection Attack Defense: AD Security 101
- Daniel Petri | Senior Training Manager
- Mar 06, 2024
LDAP injection represents a formidable cyberattack vector, targeting the authentication and authorization mechanisms within your Active Directory environment. By exploiting improper input validation, attackers can manipulate LDAP statements and potentially gain unauthorized access to your directory service. Semperis cybersecurity and identity security experts have a deep understanding of LDAP injection,…
How to Defend Against an Overpass the Hash Attack
- Daniel Petri | Senior Training Manager
- Feb 09, 2024
In the constantly evolving landscape of cyber threats, the Overpass the Hash attack is a potent vector. Leveraging the NTLM authentication protocol, this attack enables adversaries to bypass the need for plaintext passwords. Instead, an Overpass the Hash attack employs a user's hash to authenticate and potentially escalate privileges. As…
How to Defend Against an NTLM Relay Attack
- Daniel Petri | Senior Training Manager
- Jan 26, 2024
The NTLM relay attack poses a significant threat to organizations that use Active Directory. This attack exploits the NT LAN Manager (NTLM) authentication protocol, a challenge-response mechanism used in Windows networks for user authentication. NTLM relay attacks are not just a relic of past security concerns but a present and…
Pass the Hash Attack Defense: AD Security 101
- Daniel Petri | Senior Training Manager
Many Active Directory attacks begin with a stolen password. However, a Pass the Hash attack takes a different approach. In this example of credential theft, threat actors instead steal a user’s password hash. The attack is difficult to detect and can lead to privilege escalation and serious damage to your…
How to Defend Against a Pass the Ticket Attack: AD Security 101
- Daniel Petri | Senior Training Manager
Any organization that relies on Kerberos authentication—the primary authentication method in Active Directory environments—is potentially vulnerable to a Pass the Ticket attack. Organizations that do not regularly patch their systems, monitor and secure Active Directory, and follow robust security measures for credential and ticket protection are at a higher risk.…
