Identity Threat Detection & Response

BadSuccessor: How to Detect and Mitigate dMSA Privilege Escalation

  • Semperis Team
  • Jun 05, 2025

The BadSuccessor Active Directory attack technique exploits a dangerous Windows Server 2025 vulnerability. Learn how DSP indicators of exposure and compromise enable you to proactively halt malicious activity.

What is Identity Attack Surface Management?

  • Daniel Petri | Senior Training Manager
  • May 23, 2025

A specialized identity attack surface management (IASM) practice is not optional. It’s a fundamental necessity for organizations that rely on identity services like Active Directory.

Top 10 Active Directory Risks IFIR Has Caught in the Wild

  • Huy Kha | Senior Identity & Security Architect
  • May 15, 2025

Identity Forensics and Incident Response prioritizes business resilience, starting with understanding threats and reducing the attack surface. Tackle these 10 common AD risks now to strengthen your identity security.

Defending Against Cable: Prevent Malicious Use of Post-Exploitation Tool

  • Huy Kha | Senior Identity & Security Architect
  • May 06, 2025

Post-exploitation tools—such as Cable, the Active Directory-specific pentesting tool—are meant to educate security teams. But attackers use them too. Here’s how to detect and defend against malicious use of the Cable tool.

Redefining Cyber Crisis Management

  • Mickey Bresman
  • Apr 25, 2025

Cyber resilience isn't just about technology—it's about people, processes, and the ability to act decisively when everything is on the line. It's about discipline, preparation, confidence, and the ability to adapt under pressure. At Semperis, we've spent years helping organizations recover from identity-based cyberattacks. But time and again, we’ve seen…

Microsoft Entra Connect Compromise Explained

  • Huy Kha | Senior Identity & Security Architect
  • Mar 28, 2025

In hybrid identity environments, attackers that manage to breach either the on-premises Active Directory or cloud-based Entra ID typically attempt to expand their reach throughout your identity environment. If your identity infrastructure includes Entra ID, make sure you understand how to detect and defend against Entra Connect compromise. What is…

Leveraging NIST CSF for Public Sector Cybersecurity

  • Edward Amoroso
  • Mar 18, 2025

[Editor’s note: This article is a guest post by TAG CEO and founder Ed Amoroso.] Cybersecurity practitioners working for federal agencies in the United States know that they must learn to decode various acronyms such as FedRAMP, FISMA, RMF, and on and on. They must do so because the standards…

LDAP Reconnaissance Explained

  • Huy Kha | Senior Identity & Security Architect
  • Mar 06, 2025

Lightweight Directory Access Protocol (LDAP) reconnaissance is an approach that enables attackers to discover valuable details about an organization, such as user accounts, groups, computers, and privileges. Learn how to detect LDAP reconnaissance and how cyberattackers can use this method as part of an attempt to compromise your environment. What…