Threat Research

Identity Attack Watch: September 2022

  • Semperis Research Team
  • Sep 30, 2022

Cyberattacks targeting Active Directory are on the upswing, putting pressure on AD, identity, and security teams to monitor the constantly shifting AD-focused threat landscape. To help IT pros better understand and guard against attacks involving AD, the Semperis Research Team offers this monthly roundup of recent cyberattacks that used AD…

New Attack Paths? AS Requested Service Tickets

  • Charlie Clark
  • Sep 27, 2022

While helping Andrew Schwartz with his Kerberos FAST post (which has more information about what FAST is and how it works, so have a read), I noticed something interesting. AS-REQs for machine accounts are unarmored. Kerberos armoring is described by Microsoft: Kerberos armoring uses a ticket-granting ticket (TGT) for the…

Identity Attack Watch: August 2022

  • Semperis Research Team
  • Aug 31, 2022

Cyberattacks targeting Active Directory are on the upswing, putting pressure on AD, identity, and security teams to monitor the constantly shifting AD-focused threat landscape. To help IT pros better understand and guard against attacks involving AD, the Semperis Research Team offers this monthly roundup of recent cyberattacks that used AD…

SMTP Matching Abuse in Azure AD

  • Sapir Federovsky and Tomer Nahum
  • Aug 30, 2022

In his TROOPERS19 talk (“I’m in your cloud … reading everyone’s email”), Dirk-jan Mollema discussed an issue he discovered that enabled the use of SMTP matching (also called soft matching) to synchronize Active Directory (AD) users to Azure AD, with the goal of hijacking unsynchronized accounts. Jan stated that Microsoft…

CVE-2022-26923: Know Your AD Vulnerability

  • Semperis Research Team
  • Aug 02, 2022

On May 10, 2022, a vulnerability within Active Directory (AD) and Active Directory Certificate Services (AD CS) was disclosed and patched. This AD vulnerability can lead to privilege escalation. In default installations of AD CS, a low-privileged user can exploit the vulnerability by requesting an authentication certificate and then using…

Identity Attack Watch: July 2022

  • Semperis Research Team
  • Jul 29, 2022

Cyberattacks targeting Active Directory are on the upswing, putting pressure on AD, identity, and security teams to monitor the constantly shifting AD-focused threat landscape. To help IT pros better understand and guard against attacks involving AD, the Semperis Research Team offers this monthly roundup of recent cyberattacks that used AD…

A Diamond Ticket in the Ruff

  • Charlie Clark
  • Jul 05, 2022

[Editor’s note: This blog was co-authored by Andrew Schwartz at TrustedSec.] One day, while browsing YouTube, we came across a Black Hat 2015 presentation by Tal Be’ery and Michael Cherny. In their talk and subsequent brief, Watching the Watchdog: Protecting Kerberos Authentication with Network Monitoring, Be’ery and Cherny outlined something…

Identity Attack Watch: June 2022

  • Semperis Research Team
  • Jun 30, 2022

Cyberattacks targeting Active Directory are on the upswing, putting pressure on AD, identity, and security teams to monitor the constantly shifting AD-focused threat landscape. To help IT pros better understand and guard against attacks involving AD, the Semperis Research Team offers this monthly roundup of recent cyberattacks that used AD…