Threat Research

How to Defend Against SID History Injection

How to Defend Against SID History Injection

  • Daniel Petri
  • May 03, 2024

Security Identifier (SID) History injection is a sophisticated cyberattack vector that targets Windows Active Directory environments. This attack exploits the SID History attribute, which is intended to maintain user access rights during migrations from one domain to another. By injecting malicious SID values into this attribute, an attacker can escalate…

Meet Silver SAML: Golden SAML in the Cloud

Meet Silver SAML: Golden SAML in the Cloud

  • Tomer Nahum and Eric Woodruff
  • Feb 29, 2024

Key findings Golden SAML, an attack technique that exploits the SAML single sign-on protocol, was used as a post-breach exploit, compounding the devastating SolarWinds attack of 2020—one of the largest breaches of the 21st century. The supply chain SolarWinds attack affected thousands of organizations around the world, including the U.S.…

How to Defend Against a Pass the Ticket Attack: AD Security 101

How to Defend Against a Pass the Ticket Attack: AD Security 101

  • Daniel Petri
  • Jan 11, 2024

Any organization that relies on Kerberos authentication—the primary authentication method in Active Directory environments—is potentially vulnerable to a Pass the Ticket attack. Organizations that do not regularly patch their systems, monitor and secure Active Directory, and follow robust security measures for credential and ticket protection are at a higher risk.…

Purple Knight Okta indicators Super Admin and MFA screenshot

Using Purple Knight to Detect the Okta Super Admin Attack

  • Yossi Rachman
  • Sep 07, 2023

The recent increase in sophisticated cyberattacks highlights the vulnerabilities inherent in online platforms and identity management systems. To address the increased risk, Semperis recently expanded Purple Knight, its open-source, community-based vulnerability assessment tool, to encompass the Okta identity management platform. This strategic move is geared toward bolstering the security of…

Semperis Offers New Protection Against Okta Breaches

Semperis Offers New Protection Against Okta Breaches

  • Semperis Research Team
  • Aug 30, 2023

In an ever-evolving digital landscape, organizations rely on robust identity protection solutions to safeguard sensitive data and maintain secure operations. For most enterprise businesses, that means protecting Active Directory and Entra ID (formerly Azure AD). But identity protection is just as vital for organizations that use Okta, a cloud-based identity…

How to Protect Active Directory Against Kerberoasting: AD Security 101

How to Protect Active Directory Against Kerberoasting: AD Security 101

  • Daniel Petri
  • Aug 25, 2023

Active Directory (AD) remains a crucial backbone for enterprise IT environments, centralizing authentication and authorization for users and computers. However, Active Directory’s importance—coupled with its age and the technical debt it often accrues—makes it a primary target for cyberattacks. One common attack technique, called Kerberoasting, exploits the Kerberos authentication protocol…

How to Prevent a Man-in-the-Middle Attack: AD Security 101

How to Prevent a Man-in-the-Middle Attack: AD Security 101

  • Daniel Petri
  • Jul 13, 2023

A man-in-the-middle attack, also known as an MitM attack, is a form of eavesdropping in an attempt to steal sensitive data, such as user credentials. These attacks can pose a serious threat to organizations' network security, particularly in environments that use Microsoft Active Directory (AD) for identity management. As Active…

Transitive Trust and Breaking Trust Transitivity: AD Security 101

Transitive Trust and Breaking Trust Transitivity: AD Security 101

  • Charlie Clark
  • Mar 14, 2023

While playing with Kerberos tickets, I discovered an issue that allowed me to authenticate to other domains within an Active Directory (AD) forest across external non-transitive trusts. This means that there is in fact no such thing as a “non-transitive trust.” The term is at best misleading and offers systems…