Identity Attack Catalog

A New App Consent Attack: Hidden Consent Grant

A New App Consent Attack: Hidden Consent Grant

  • Adi Malyanker | Security Researcher
  • Aug 13, 2024

Key findings An Application Consent attack, also known as an Illicit Consent Grant attack, is a type of phishing attack in which a malicious actor gains access to an application and then exploits permissions that have been granted to that app. Semperis researcher Adi Malyanker has discovered that under certain…

UnOAuthorized: Privilege Elevation Through Microsoft Applications

UnOAuthorized: Privilege Elevation Through Microsoft Applications

  • Eric Woodruff
  • Aug 07, 2024

This article details a series of Semperis security research team discoveries that resulted in the ability to perform actions in Entra ID beyond expected authorization controls, based on analysis of the OAuth 2.0 scope (permissions). Our most concerning discovery involved the ability to add and remove users from privileged roles,…

How to Defend Against SPN Scanning in Active Directory

How to Defend Against SPN Scanning in Active Directory

  • Daniel Petri | Senior Training Manager
  • Jul 12, 2024

Service Principal Name (SPN) scanning is a reconnaissance technique that attackers use in Active Directory environments. This method enables attackers to discover valuable services and associated accounts, which can be potential targets for further attacks such as Kerberoasting. Related reading: Protect Active Directory against Kerberoasting What is SPN scanning? Understanding…

How to Defend Against Password-Spraying Attacks

How to Defend Against Password-Spraying Attacks

  • Daniel Petri | Senior Training Manager
  • Jun 16, 2024

In the ever-evolving and complex cybersecurity landscape, Active Directory remains a critical infrastructure component for managing network resources and user authentication. However, its centrality also makes it a prime target for attackers. Among these, the password-spraying attacks stand out due to their stealthy nature and potentially high impact. This article…

How to Defend Against SID History Injection

How to Defend Against SID History Injection

  • Daniel Petri | Senior Training Manager
  • May 03, 2024

Security Identifier (SID) History injection is a sophisticated cyberattack vector that targets Windows Active Directory environments. This attack exploits the SID History attribute, which is intended to maintain user access rights during migrations from one domain to another. By injecting malicious SID values into this attribute, an attacker can escalate…

LDAP Injection Attack Defense: AD Security 101

LDAP Injection Attack Defense: AD Security 101

  • Daniel Petri | Senior Training Manager

LDAP injection represents a formidable cyberattack vector, targeting the authentication and authorization mechanisms within your Active Directory environment. By exploiting improper input validation, attackers can manipulate LDAP statements and potentially gain unauthorized access to your directory service. Semperis cybersecurity and identity security experts have a deep understanding of LDAP injection,…

How to Defend Against an Overpass the Hash Attack

How to Defend Against an Overpass the Hash Attack

  • Daniel Petri | Senior Training Manager

In the constantly evolving landscape of cyber threats, the Overpass the Hash attack is a potent vector. Leveraging the NTLM authentication protocol, this attack enables adversaries to bypass the need for plaintext passwords. Instead, an Overpass the Hash attack employs a user's hash to authenticate and potentially escalate privileges. As…

How to Defend Against an NTLM Relay Attack

How to Defend Against an NTLM Relay Attack

  • Daniel Petri | Senior Training Manager

The NTLM relay attack poses a significant threat to organizations that use Active Directory. This attack exploits the NT LAN Manager (NTLM) authentication protocol, a challenge-response mechanism used in Windows networks for user authentication. NTLM relay attacks are not just a relic of past security concerns but a present and…