Threat Research Blog posts from AD security experts - Semperis

How to Defend Against Ransomware-as-a-Service Groups That Attack Active Directory

Semperis Team

Concern about the Colonial Pipeline ransomware attack by DarkSide has expanded beyond the cybersecurity industry and into the consciousness of the everyday consumer—an indicator of the extensive implications the attack has on the global economy. In response, the Biden administration issued an executive order and held a press conference, and…

Hafnium Attack Timeline

Sean Deuby | Principal Technologist, Americas

The attacks on Microsoft Exchange servers around the world by Chinese state-sponsored threat group Hafnium are believed to have affected over 21,000 organizations. The impact of these attacks is growing as the four zero-day vulnerabilities are getting picked up by new threat actors. While the world was introduced to these…

DnsAdmins Revisited

Yuval Gordon

How Potential Attackers Can Achieve Privileged Persistence on a DC through DnsAdmins The Semperis Research Team recently expanded on previous research showing a feature abuse in the Windows Active Directory (AD) environment where users from the DnsAdmins group could load an arbitrary DLL into a DNS service running on a…

New Research: Detecting DCShadow on Rogue Hosts

Darren Mar-Elia | VP of Products

10,000-foot view: Many of us are familiar with the variety of tools, attacks, and adversaries that focus on breaching Active Directory. With the release in 2018 of DCShadow, another highly effective vector was added to that ever-increasing list. To the credit of the research team, along with the exploit, they…

Understanding Group Policy Privilege Escalation in CVE-2020-1317

Darren Mar-Elia | VP of Products

Last month, Microsoft released an advisory for CVE-2020-1317 which describes a privilege escalation vulnerability in Group Policy. This was further detailed by the discoverer of the vulnerability on the Cyberark website. The nature of this issue is interesting and worth understanding. For years, Group Policy has had this dichotomy built into its…

New Forrester TEI Report: Semperis Slashes Downtime by 90%, Saving Customers Millions

Semperis Extends ML-Based Attack Detection with Specialized Identity Risk Focus

Semperis Wins CRN’s Prestigious Partner Program Guide Three Consecutive Years

Semperis Study on Cyberattacks Against Water and Electricity Utilities Underscore the Vulnerability of Critical Infrastructure

Semperis Named to Inc. Magazine’s Annual List of Best Workplaces for Fourth Consecutive Year

Threat Research

Categories

Chat with an expert

Download Purple Knight

How to Defend Against Ransomware-as-a-Service Groups That Attack Active Directory

Hafnium Attack Timeline

DnsAdmins Revisited

New Research: Detecting DCShadow on Rogue Hosts

Understanding Group Policy Privilege Escalation in CVE-2020-1317

Experience a personalized demo

Unleash Purple Knight

New Forrester TEI Report: Semperis Slashes Downtime by 90%, Saving Customers Millions

Semperis Extends ML-Based Attack Detection with Specialized Identity Risk Focus

Semperis Wins CRN’s Prestigious Partner Program Guide Three Consecutive Years

Semperis Study on Cyberattacks Against Water and Electricity Utilities Underscore the Vulnerability of Critical Infrastructure

Semperis Named to Inc. Magazine’s Annual List of Best Workplaces for Fourth Consecutive Year

Threat Research

Categories

Chat with an expert

Download Purple Knight

How to Defend Against Ransomware-as-a-Service Groups That Attack Active Directory

Hafnium Attack Timeline

DnsAdmins Revisited

New Research: Detecting DCShadow on Rogue Hosts

Understanding Group Policy Privilege Escalation in CVE-2020-1317

Sign Up for the Latest Semperis News

Experience a personalized demo

Unleash Purple Knight