REGISTER to join us in Charleston for the Hybrid Identity Protection Conference — October 7-9
Back to blogs listing

Identity Threat Detection & Response

Categories

Chat with an expert

Modernize your AD

Request Demo

Download Purple Knight

Free Active Directory Security Assessment

Read more
nOAuth Abuse Alert: Full Account Takeover of Entra Cross-Tenant SaaS Applications

nOAuth Abuse Alert: Full Account Takeover of Entra Cross-Tenant SaaS Applications

  • Eric Woodruff
  • Jun 25, 2025

Key findings In testing 104 applications, Semperis found 9 (or roughly 9%) that were vulnerable to nOAuth abuse. As the abuse has been already disclosed, the ability to perform nOAuth is low complexity. nOAuth abuse exploits cross-tenant vulnerabilities and can lead to SaaS application data exfiltration, persistence, and lateral movement.…

How to Defend Against Password Guessing Attacks

How to Defend Against Password Guessing Attacks

  • Daniel Petri | Senior Training Manager
  • Jun 13, 2025

Here’s what you need to know about password guessing and how to protect Active Directory—and your organization.

BadSuccessor: How to Detect and Mitigate dMSA Privilege Escalation

BadSuccessor: How to Detect and Mitigate dMSA Privilege Escalation

  • Semperis Team
  • Jun 05, 2025

The BadSuccessor Active Directory attack technique exploits a dangerous Windows Server 2025 vulnerability. Learn how DSP indicators of exposure and compromise enable you to proactively halt malicious activity.

What is Identity Attack Surface Management?

What is Identity Attack Surface Management?

  • Daniel Petri | Senior Training Manager
  • May 23, 2025

A specialized identity attack surface management (IASM) practice is not optional. It’s a fundamental necessity for organizations that rely on identity services like Active Directory.

Top 10 Active Directory Risks IFIR Has Caught in the Wild

Top 10 Active Directory Risks IFIR Has Caught in the Wild

  • Huy Kha | Senior Identity & Security Architect
  • May 15, 2025

Identity Forensics and Incident Response prioritizes business resilience, starting with understanding threats and reducing the attack surface. Tackle these 10 common AD risks now to strengthen your identity security.

Defending Against Cable: Prevent Malicious Use of Post-Exploitation Tool

Defending Against Cable: Prevent Malicious Use of Post-Exploitation Tool

  • Huy Kha | Senior Identity & Security Architect
  • May 06, 2025

Post-exploitation tools—such as Cable, the Active Directory-specific pentesting tool—are meant to educate security teams. But attackers use them too. Here’s how to detect and defend against malicious use of the Cable tool.

Redefining Cyber Crisis Management

Redefining Cyber Crisis Management

  • Mickey Bresman
  • Apr 25, 2025

Cyber resilience isn't just about technology—it's about people, processes, and the ability to act decisively when everything is on the line. It's about discipline, preparation, confidence, and the ability to adapt under pressure. At Semperis, we've spent years helping organizations recover from identity-based cyberattacks. But time and again, we’ve seen…

Microsoft Entra Connect Compromise Explained

Microsoft Entra Connect Compromise Explained

  • Huy Kha | Senior Identity & Security Architect
  • Mar 28, 2025

In hybrid identity environments, attackers that manage to breach either the on-premises Active Directory or cloud-based Entra ID typically attempt to expand their reach throughout your identity environment. If your identity infrastructure includes Entra ID, make sure you understand how to detect and defend against Entra Connect compromise. What is…