Identity Threat Detection & Response

New Forrester TEI Report: Semperis Slashes Downtime by 90%, Saving Customers Millions

New Forrester TEI Report: Semperis Slashes Downtime by 90%, Saving Customers Millions

  • Sean Deuby | Principal Technologist
  • May 20, 2024

How long could your organization go without access to applications and services because of an identity-related cyberattack? That’s the question we often ask security and IT ops leaders when we’re discussing the importance of protecting Active Directory and Entra ID from threat actors. The question seems hypothetical because it assumes…

How to Defend Against SID History Injection

How to Defend Against SID History Injection

  • Daniel Petri
  • May 03, 2024

Security Identifier (SID) History injection is a sophisticated cyberattack vector that targets Windows Active Directory environments. This attack exploits the SID History attribute, which is intended to maintain user access rights during migrations from one domain to another. By injecting malicious SID values into this attribute, an attacker can escalate…

Accelerate AD and Entra ID Protection from Cyber Threats

Accelerate AD and Entra ID Protection from Cyber Threats

  • Eitan Bloch | Semperis Product Manager
  • Apr 19, 2024

How secure is your hybrid identity environment? Since the discovery of the SolarWinds breach in December 2020, cyberattacks that start in the cloud environment—Entra ID for most organizations—and move to on-premises Active Directory (AD) have become an increasingly persistent problem. According to Microsoft’s Digital Defense Report 2023, incident response teams…

LDAP Injection Attack Defense: AD Security 101

LDAP Injection Attack Defense: AD Security 101

  • Daniel Petri
  • Mar 06, 2024

LDAP injection represents a formidable cyberattack vector, targeting the authentication and authorization mechanisms within your Active Directory environment. By exploiting improper input validation, attackers can manipulate LDAP statements and potentially gain unauthorized access to your directory service. Semperis cybersecurity and identity security experts have a deep understanding of LDAP injection,…

Understanding the Risks of Pre-Windows 2000 Compatible Access Settings

Understanding the Risks of Pre-Windows 2000 Compatible Access Settings

  • Guido Grillenmeier
  • Feb 14, 2024

[Updated February 14, 2024; originally published November 29, 2021] The number and scope of confusing and risky security settings in Active Directory are becoming better known with every new cyberattack. Many of these vulnerabilities can be attributed to risky configurations that have accumulated in legacy environments over time. But IT…

NSA Top Ten Cybersecurity Misconfigurations: An Active Directory Perspective (Part 3)

NSA Top Ten Cybersecurity Misconfigurations: An Active Directory Perspective (Part 3)

  • Daniel Petri
  • Jan 23, 2024

Welcome to the final installment of this series discussing CISA and NSA top ten cybersecurity misconfigurations in the context of hybrid Active Directory environments. Active Directory is the identity system for most organizations: a critical part of your infrastructure, and a prime target for cyberattackers. This week, I’ll discuss the…

Pass the Hash Attack Defense: AD Security 101

Pass the Hash Attack Defense: AD Security 101

  • Daniel Petri
  • Jan 18, 2024

Many Active Directory attacks begin with a stolen password. However, a Pass the Hash attack takes a different approach. In this example of credential theft, threat actors instead steal a user’s password hash. The attack is difficult to detect and can lead to privilege escalation and serious damage to your…

NSA Top Ten Cybersecurity Misconfigurations: An Active Directory Perspective (Part 2)

NSA Top Ten Cybersecurity Misconfigurations: An Active Directory Perspective (Part 2)

  • Daniel Petri
  • Jan 17, 2024

When it comes to cybersecurity—especially the security of critical identity infrastructure—the minimum expectation for every organization should be closing known vulnerabilities and configuration gaps. Welcome to the second of our three-part discussion of how the CISA and NSA top ten cybersecurity misconfigurations list applies to hybrid Active Directory environments and…