How to Defend Against Golden Ticket Attacks: AD Security 101
Golden Ticket attacks are particularly cunning. Like Kerberoasting, Golden Ticket attacks exploit the Kerberos authentication system and are one of the most severe threats to Active Directory environments. Here’s more... The post How to Defend Against Golden Ticket Attacks: AD Security 101 appeared first on Semperis ... Read More
How to Defend Against MFA Fatigue Attacks: AD Security 101
An MFA fatigue attack—also known as MFA bombing—is an attack tactic, technique, and procedure (TTP) in which a threat actor floods users with multifactor authentication (MFA) requests. By overwhelming, confusing,... The post How to Defend Against MFA Fatigue Attacks: AD Security 101 appeared first on Semperis ... Read More
Protecting Active Directory from Kerberoasting
Active Directory (AD) remains a crucial backbone for enterprise IT environments, centralizing authentication and authorization for users and computers. However, Active Directory’s importance—coupled with its age and the technical debt... The post Protecting Active Directory from Kerberoasting appeared first on Semperis ... Read More
AD Security 101: Man-in-the-Middle Attacks
Man-in-the-middle attacks, also known as MitM attacks, are a form of eavesdropping. These attacks can pose a serious threat to organizations’ network security, particularly in environments that use Microsoft Active... The post AD Security 101: Man-in-the-Middle Attacks appeared first on Semperis ... Read More
AD Security 101: Securing Primary Group IDs
Welcome to AD Security 101, a series that covers the basics of Active Directory (AD) security. This week, we look at primary group IDs and how unnecessary changes to them... The post AD Security 101: Securing Primary Group IDs appeared first on Semperis ... Read More
AD Security 101: Resource-Based Constraint Delegation
Resource-based constraint delegation (RBCD) is an Active Directory (AD) security feature that enables administrators to delegate permissions in order to manage resources more securely and with greater control. Introduced in... The post AD Security 101: Resource-Based Constraint Delegation appeared first on Semperis ... Read More
AD Security 101: Lock Down Risky User Rights
In Active Directory (AD) environments, you can use Group Policy Objects (GPOs) to configure user rights. By using GPOs, you can easily enforce consistent user rights policies across all computers... The post AD Security 101: Lock Down Risky User Rights appeared first on Semperis ... Read More
AD Security 101: GPO Logon Script Security
In Active Directory (AD) environments, Group Policy Objects (GPOs) can be used to configure logon scripts. These scripts can be powerful tools to manage and automate the logon process for... The post AD Security 101: GPO Logon Script Security appeared first on Semperis ... Read More
AD Security 101: Non-Default Security Principals with DCSync Rights
Misuse of DCSync functionality can lead to vulnerabilities that put Active Directory—and your enterprise network—at risk. The post AD Security 101: Non-Default Security Principals with DCSync Rights appeared first on Semperis ... Read More
AD Security 101: Domain Controller Security
For organizations that use Active Directory (AD), securing domain controllers (DCs) is an essential part of AD security. DCs are critical components of the IT infrastructure. These servers hold sensitive... The post AD Security 101: Domain Controller Security appeared first on Semperis ... Read More
