Identity Threat Detection & Response
Categories
- Active Directory Backup & Recovery (64)
- Active Directory Security (223)
- AD Security 101 (17)
- Community Tools (19)
- Directory Modernization (9)
- From the Front Lines (69)
- Hybrid Identity Protection (68)
- Identity Attack Catalog (31)
- Identity Threat Detection & Response (148)
- Our Mission: Be a Force for Good (14)
- Purple Knight (5)
- Semperis University (5)
- The CISO's Perspective (16)
- Threat Research (68)
Hafnium Attack Timeline
- Sean Deuby | Principal Technologist, North America
The attacks on Microsoft Exchange servers around the world by Chinese state-sponsored threat group Hafnium are believed to have affected over 21,000 organizations. The impact of these attacks is growing as the four zero-day vulnerabilities are getting picked up by new threat actors. While the world was introduced to these…
How to Defend Against Active Directory Attacks That Leave No Trace
- Guido Grillenmeier | Principal Technologist, EMEA
Cybercriminals are using new tactics and techniques to gain access to Active Directory in novel ways, making their attacks even more dangerous—and more necessary to detect. One of the most important parts of any cybersecurity strategy is detection. Having an ability to spot the bad guy entering, moving about, or worse—administering—your network is…
DnsAdmins Revisited
- Yuval Gordon
How Potential Attackers Can Achieve Privileged Persistence on a DC through DnsAdmins The Semperis Research Team recently expanded on previous research showing a feature abuse in the Windows Active Directory (AD) environment where users from the DnsAdmins group could load an arbitrary DLL into a DNS service running on a…
Leading CISOs Discuss Shifting Priorities Amidst Increased Security Threats
- Semperis Team
What keeps CISOs up at night? And where should CISOs focus to bring value to the business? How should priorities shift given the proliferation of cyberattacks that threaten to disrupt businesses worldwide? To help cut through some of the noise, we partnered with Redmond Magazine to convene leading CISOs in a discussion…
CISA’s Ransomware Guidance Is Reminder to Include AD in Recovery Plan
- Semperis Team
Any ransomware recovery plan needs to include regular file backups and encrypted data with offline copies, as the Cybersecurity and Infrastructure Security Agency (CISA) recently reminded as part of the organization’s campaign to drive awareness of its ransomware guidance and resources. The guidance includes best practices and checklists to help…
Semperis Contributes to Two NIST Data Integrity Practice Guides
- Michele Crockett
NIST recommends complementary solutions, much like a team of security superheroes To succeed in protecting your company’s data against ransomware, you need to proceed as if you’re assembling a team of superheroes. Each team member has a singular power that individually appears limited. But together, they can conquer evil. As the number of cyberattacks…
Hybrid Identity Protection (HIP) Predictions for 2021
- Thomas Leduc
2020 was a hugely disruptive year across the globe. And while cybersecurity may have been background noise to a world tuned to health and financial issues, widespread cyberattacks have left reverberations that will be felt for years to come. We asked expert speakers from the recent Hybrid Identity Protection (HIP) Conference to share a brief look back at what happened in 2020 and what they're focusing on in the year ahead as…
NotPetya Flashback: The Latest Supply-Chain Attack Puts Active Directory at Risk of Compromise
- Chris Roberts
Last week, news broke that a sophisticated adversary penetrated FireEye's network and stole the company's Red Team assessment tools. The attack is reportedly linked to a larger supply-chain assault that struck government, consulting, technology, and telecom organizations throughout North America, Europe, Asia, and the Middle East. To get an idea of what this stolen toolset…
