Identity Forensics and Incident Response prioritizes business resilience, starting with understanding threats and reducing the attack surface. Tackle these 10 common AD risks now to strengthen your identity security.
Post-exploitation tools—such as Cable, the Active Directory-specific pentesting tool—are meant to educate security teams. But attackers use them too. Here’s how to detect and defend against malicious use of the Cable tool.
Cyber resilience isn't just about technology—it's about people, processes, and the ability to act decisively when everything is on the line. It's about discipline, preparation, confidence, and the ability to adapt under pressure. At Semperis, we've spent years helping organizations recover from identity-based cyberattacks. But time and again, we’ve seen…
In hybrid identity environments, attackers who manage to breach either the on-premises Active Directory or cloud-based Entra ID typically attempt to expand their reach throughout your identity environment. If your identity infrastructure includes Entra ID, make sure you understand how to detect and defend against Entra Connect compromise. What is…
[Editor’s note: This article is a guest post by TAG CEO and founder Ed Amoroso.] Cybersecurity practitioners working for federal agencies in the United States know that they must learn to decode various acronyms such as FedRAMP, FISMA, RMF, and on and on. They must do so because the standards…
Lightweight Directory Access Protocol (LDAP) reconnaissance is an approach that enables attackers to discover valuable details about an organization, such as user accounts, groups, computers, and privileges. Learn how to detect LDAP reconnaissance and how cyberattackers can use this method as part of an attempt to compromise your environment. What…
Group Policy is a key configuration and access management feature in the Windows ecosystem. The breadth and level of control embodied in Group Policy Objects (GPOs) within Active Directory make Group Policy abuse a popular method for attackers who want to establish or strengthen a foothold in your environment. Here's…
Password spraying is a top cyber threat, named in the recent report from the cybersecurity agencies in the Five Eyes alliance. What is password spraying, how have cyberattackers used it in the past, and how can you detect and defend your hybrid Active Directory environment against password spraying attacks? What…