Identity Threat Detection & Response

Cyber Scenarios Expose Shortcomings of BMR

  • Darren Mar-Elia | VP of Products

Ransomware and wiper attacks are causing organizations to re-evaluate their backup and recovery capabilities. An obvious concern is whether backups are safe – for example, are they offline where they can’t be encrypted or wiped. While this is a good first step, it’s just that. We also need to evaluate…

Why Most Organizations Still Can’t Defend against DCShadow

  • Darren Mar-Elia | VP of Products

DCShadow is a readily available technique that allows an attacker to establish persistent privileged access in Microsoft Active Directory (AD). Specifically, DCShadow allows an attacker with privileged access to create and edit arbitrary objects in AD without anyone knowing. This allows the attacker to create backdoors all over AD that…

NSA Sounds the Alarm on BlueKeep

  • Darren Mar-Elia | VP of Products

July 29, 2019 Update: With over 800,000 Windows systems still unpatched and vulnerable (as of July 2), concern over BlueKeep remains high, especially after a detailed guide on how to write an exploit was posted online last week. Other indications that the vulnerability is not going unnoticed include publication of…

Your Active Directory was compromised, is it all lost? – Part 2

  • David Lieberman

Hi, this is part two of a blog that I had written earlier. The premise of part one was to better understand what are the options that companies face should their Active Directory be compromised. How can they get back up and running as quickly as possible? How can it…

We Can’t Do Anything About The Weather, But…

  • Steve Mackay

We Can't Do Anything About The Weather, But… When bad things happen, we can dramatically speed your time to recovery! This seems to be a common concern, and one that is front and center with Board Members and Senior Management. What do we do if we've lost all access to…

NotPetya, the Russian Wiper

  • Steve Mackay

You know Petya, and Sandworm, and Spyware, and Rootkits. Mimikatz and WannaCry, and backdoors and botnets. But do you recall... the most damaging attack of all?... NotPetya the Russian Wiper, had a very nasty bite. And if you ever saw it, you would even say “Good Night!”. All of the other malware’s... used to…

Active Directory Change Resiliency

  • Sander Berkouwer

Last month, I have had many discussions with many people on Active Directory Backup and Restore. Now, the obvious topics to talk about are disaster recovery and forest recovery. Of course, we talked about these, but in many of the discussions last month, we focused more on what I’d call…

WannaCry, NotPetya, MBR-ONI and Friends: Tales of Wiper Attacks and Active Directory Destruction

  • Mickey Bresman

Ransomware attacks on enterprises are escalating both in frequency and complexity. Many in the security space believe that WannaCry and NotPetya were only a sample of what’s coming. Increasingly, Active Directory (AD) is at the center of cyberattacks, with wipers like MBR-ONI utilizing AD to maximize the attack reach and,…