Identity Threat Detection & Response
Categories
- Active Directory Backup & Recovery (63)
- Active Directory Security (216)
- AD Security 101 (17)
- Community Tools (19)
- Directory Modernization (9)
- From the Front Lines (69)
- Hybrid Identity Protection (68)
- Identity Attack Catalog (29)
- Identity Threat Detection & Response (144)
- Our Mission: Be a Force for Good (14)
- Purple Knight (5)
- Semperis University (2)
- The CISO's Perspective (16)
- Threat Research (68)
Unconstrained Delegation Explained
- Huy Kha | Senior Identity & Security Architect
- Jan 26, 2025
Cybersecurity agencies from the Five Eyes alliance, including CISA and the NSA, have urged organizations to strengthen security around Microsoft Active Directory (AD), a prime target for cyberattackers. The alliance’s recent report highlights more than a dozen tactics that threat actors use to exploit AD. Among these common techniques is…
AS-REP Roasting Explained
- Huy Kha | Senior Identity & Security Architect
- Jan 25, 2025
Authentication Server Response (AS-REP) Roasting enables attackers to request encrypted authentication responses for accounts in Active Directory that have Kerberos pre-authentication disabled. AS-REP Roasting is one of the Active Directory threats that cybersecurity agencies in the Five Eyes alliance warn about in the recent report, Detecting and Mitigating Active Directory…
Your DORA Compliance Checklist for Identity Defence
- Daniel Lattimer | Area Vice President - EMEA West
- Jan 17, 2025
This week, the European Union’s Digital Operational Resilience Act (DORA) goes into effect in an effort to provide a clear roadmap for enhancing cybersecurity across the financial services industry. All financial entities operating in or with the EU—as well as information and communication technology (ICT) providers that support such entities—are…
Zerologon Exploit Explained
- Huy Kha | Senior Identity & Security Architect
- Nov 15, 2024
In a Zerologon exploit, an attacker with access to a network takes advantage of a critical flaw in the Netlogon Remote Protocol (MS-NRPC) to impersonate any computer, including a domain controller (DC). This flaw is known as Zerologon—a vulnerability that can give attackers full control over a domain. What is…
Password Spraying Detection in Active Directory
- Huy Kha | Senior Identity & Security Architect
Password spraying detection is a vital ability for all organizations. In a password spraying attack, the attacker attempts to gain unauthorized access by trying a few common or weak passwords across many accounts rather than targeting a single account with many passwords. The idea is to test several passwords, hoping…
The 5 Pillars for DORA Compliance in Active Directory
- Daniel Lattimer | Area Vice President - EMEA West
The Digital Operational Resilience Act (DORA) is an incoming European Union (EU) legislative framework aimed at fortifying the operational resilience of digital systems within the financial sector. All finance entities that operate in or with the EU need to achieve DORA compliance by early 2025, as do information and communication…
A New App Consent Attack: Hidden Consent Grant
- Adi Malyanker | Security Researcher
Key findings An Application Consent attack, also known as an Illicit Consent Grant attack, is a type of phishing attack in which a malicious actor gains access to an application and then exploits permissions that have been granted to that app. Semperis researcher Adi Malyanker has discovered that under certain…
UnOAuthorized: Privilege Elevation Through Microsoft Applications
- Eric Woodruff
This article details a series of Semperis security research team discoveries that resulted in the ability to perform actions in Entra ID beyond expected authorization controls, based on analysis of the OAuth 2.0 scope (permissions). Our most concerning discovery involved the ability to add and remove users from privileged roles,…
