Identity Threat Detection & Response

Understanding the Risks of Pre-Windows 2000 Compatible Access Settings

Understanding the Risks of Pre-Windows 2000 Compatible Access Settings

  • Guido Grillenmeier
  • Feb 14, 2024

[Updated February 14, 2024; originally published November 29, 2021] The number and scope of confusing and risky security settings in Active Directory are becoming better known with every new cyberattack. Many of these vulnerabilities can be attributed to risky configurations that have accumulated in legacy environments over time. But IT…

NSA Top Ten Cybersecurity Misconfigurations: An Active Directory Perspective (Part 3)

NSA Top Ten Cybersecurity Misconfigurations: An Active Directory Perspective (Part 3)

  • Daniel Petri
  • Jan 23, 2024

Welcome to the final installment of this series discussing CISA and NSA top ten cybersecurity misconfigurations in the context of hybrid Active Directory environments. Active Directory is the identity system for most organizations: a critical part of your infrastructure, and a prime target for cyberattackers. This week, I’ll discuss the…

Pass the Hash Attack Defense: AD Security 101

Pass the Hash Attack Defense: AD Security 101

  • Daniel Petri
  • Jan 18, 2024

Many Active Directory attacks begin with a stolen password. However, a Pass the Hash attack takes a different approach. In this example of credential theft, threat actors instead steal a user’s password hash. The attack is difficult to detect and can lead to privilege escalation and serious damage to your…

NSA Top Ten Cybersecurity Misconfigurations: An Active Directory Perspective (Part 2)

NSA Top Ten Cybersecurity Misconfigurations: An Active Directory Perspective (Part 2)

  • Daniel Petri
  • Jan 17, 2024

When it comes to cybersecurity—especially the security of critical identity infrastructure—the minimum expectation for every organization should be closing known vulnerabilities and configuration gaps. Welcome to the second of our three-part discussion of how the CISA and NSA top ten cybersecurity misconfigurations list applies to hybrid Active Directory environments and…

How to Defend Against Golden Ticket Attacks: AD Security 101

How to Defend Against Golden Ticket Attacks: AD Security 101

  • Daniel Petri
  • Jan 04, 2024

Golden Ticket attacks are particularly cunning. Like Kerberoasting, Golden Ticket attacks exploit the Kerberos authentication system and are one of the most severe threats to Active Directory environments. Here’s more information about this type of attack and how you can defend your Active Directory environment. What is a Golden Ticket…

Top 3 Identity-Based Attack Trends to Watch in 2024

Top 3 Identity-Based Attack Trends to Watch in 2024

  • Semperis
  • Jan 02, 2024

Each year, the total number of cyberattacks and cost of ransomware-related damage increases globally. Microsoft recently reported that attempted password attacks have soared “from around 3 billion per month to over 30 billion.” Clearly, a proactive approach to mitigating identity-based attacks is a good New Year’s resolution. To help you…

Holiday Cybersecurity Tips

Holiday Cybersecurity Tips

  • Sean Deuby
  • Dec 19, 2023

The holidays are a busy time for shoppers, retail businesses—and cybercriminals. The Cybersecurity and Infrastructure Security Agency (CISA) has previously noted “an increase in highly impactful ransomware attacks occurring on holidays and weekends—when offices are normally closed” and has called holiday shopping seasons “a prime opportunity for bad actors to…

How to Defend Against MFA Fatigue Attacks: AD Security 101

How to Defend Against MFA Fatigue Attacks: AD Security 101

  • Daniel Petri
  • Dec 05, 2023

An MFA fatigue attack—also known as MFA bombing—is an attack tactic, technique, and procedure (TTP) in which a threat actor floods users with multifactor authentication (MFA) requests. By overwhelming, confusing, or distracting the user into approving a fraudulent request, attackers hope to gain access to your network environment. Microsoft recently…