Threat Research

Golden dMSA: What Is dMSA Authentication Bypass?

Golden dMSA: What Is dMSA Authentication Bypass?

  • Adi Malyanker | Security Researcher
  • Jul 16, 2025

Delegated Managed Service Accounts are designed to revolutionize service account management. But Semperis researchers have discovered a critical design flaw that attackers can exploit for persistence and privilege escalation in AD environments with dMSAs. Learn about Golden dMSA and its risks.

How to Block BadSuccessor: The Good, Bad, and Ugly of dMSA Migration

How to Block BadSuccessor: The Good, Bad, and Ugly of dMSA Migration

  • Jorge de Almeida Pinto
  • Jul 10, 2025

The BadSuccessor privilege escalation technique presents a severe risk to Active Directory environments that use delegated Managed Service Accounts. Learn how blocking dMSA migration prevents attackers from misusing a dMSA to take over an AD domain.

nOAuth Abuse Alert: Full Account Takeover of Entra Cross-Tenant SaaS Applications

nOAuth Abuse Alert: Full Account Takeover of Entra Cross-Tenant SaaS Applications

  • Eric Woodruff
  • Jun 25, 2025

Key findings In testing 104 applications, Semperis found 9 (or roughly 9%) that were vulnerable to nOAuth abuse. As the abuse has been already disclosed, the ability to perform nOAuth is low complexity. nOAuth abuse exploits cross-tenant vulnerabilities and can lead to SaaS application data exfiltration, persistence, and lateral movement.…

LDAP Reconnaissance Explained

LDAP Reconnaissance Explained

  • Huy Kha | Senior Identity & Security Architect
  • Mar 06, 2025

Lightweight Directory Access Protocol (LDAP) reconnaissance is an approach that enables attackers to discover valuable details about an organization, such as user accounts, groups, computers, and privileges. Learn how to detect LDAP reconnaissance and how cyberattackers can use this method as part of an attempt to compromise your environment. What…

Group Policy Abuse Explained

Group Policy Abuse Explained

  • Huy Kha | Senior Identity & Security Architect
  • Feb 27, 2025

Group Policy is a key configuration and access management feature in the Windows ecosystem. The breadth and level of control embodied in Group Policy Objects (GPOs) within Active Directory make Group Policy abuse a popular method for attackers who want to establish or strengthen a foothold in your environment. Here's…

Password Spraying Explained

Password Spraying Explained

  • Huy Kha | Senior Identity & Security Architect
  • Feb 22, 2025

Password spraying is a top cyber threat, named in the recent report from the cybersecurity agencies in the Five Eyes alliance. What is password spraying, how have cyberattackers used it in the past, and how can you detect and defend your hybrid Active Directory environment against password spraying attacks? What…

Golden Ticket Attack Explained

Golden Ticket Attack Explained

  • Huy Kha | Senior Identity & Security Architect
  • Feb 02, 2025

A Golden Ticket attack occurs when an attacker forges a Kerberos Ticket Granting Ticket (TGT) to gain full control over an Active Directory environment. By compromising the KRBTGT account, which signs all Kerberos tickets, the attacker can create fake tickets for any user and gain access to any resource within…

How to Defend Against Silver Ticket Attacks

How to Defend Against Silver Ticket Attacks

  • Daniel Petri | Senior Training Manager
  • Feb 02, 2025

In the complex world of cybersecurity, Golden Ticket and Silver Ticket attacks stand out as two crafty methods targeting the Kerberos authentication system. Although both attacks exploit the same system, their approaches, objectives, and implications differ. Here’s what you need to know about Silver Ticket attacks, including how they differ…