Semperis DEMO: Recovering Active Directory cleanly: without re-introducing malware

Cyber Scenarios Expose Shortcomings of BMR

Ransomware and wiper attacks are causing organizations to re-evaluate their backup and recovery capabilities. An obvious concern is whether backups are safe – for example, are they offline where they can’t be encrypted or wiped. While this is a good first step, it’s just that. We also need to evaluate ... Read More
Why Most Organizations Still Can’t Defend against DCShadow – Part 2

Why Most Organizations Still Can’t Defend against DCShadow – Part 2

In part 1 of this blog post, I talked about the threat that DCShadow poses to organizations that use Microsoft Active Directory (AD). Here in part 2, I’ll talk about steps you can take to protect your organization. (Quick recap: DCShadow is a feature of the Mimikatz post-exploitation tool that ... Read More
DCShadow Blog - Adding Domain Admin SID

Why Most Organizations Still Can’t Defend against DCShadow

DCShadow is a readily available technique that allows an attacker to establish persistent privileged access in Active Directory (AD). Specifically, DCShadow allows an attacker with privileged access to create and edit arbitrary objects in AD without anyone knowing. This allows the attacker to create backdoors all over AD that can’t ... Read More

NSA sounds the alarm on BlueKeep: Windows vulnerability opens the door for the next WannaCry

It’s been just over two years since WannaCry, the ransomware that exploited the EternalBlue vulnerability to infect hundreds of thousands of computers around the world and inflict an estimated $8B in damages. If history repeats itself, we’re in for another assault in the next 30 days. On May 14, Microsoft ... Read More
Group Policy Security– Tinkering with External Paths

Group Policy Security– Tinkering with External Paths

If you’ve been following this blog, you know that about 2 and half years ago, I started talking about Group Policy’s precarious role in the typical enterprise’s security posture. Many, if not most, AD shops use GP to perform security hardening on their Windows desktops and servers. This includes everything ... Read More