Vulnerabilities in Active Directory: The CISO’s Achilles Heel

| | Active Directory
Understanding how compromises occur is a fundamental part of forming a cybersecurity defense. With that in mind, I recently joined Andy Robbins, co-creator of the open source attack path discovery tool, BloodHound, for a webinar that outlined how attackers target Active Directory (AD). During the presentation, we spotlighted an uncomfortable ... Read More
James Forshaw A Link to the Past: Abusing Symbolic Links on Windows

Understanding Group Policy Privilege Escalation in CVE-2020-1317

| | group policy
Last month, Microsoft released an advisory for CVE-2020-1317 which describes a privilege escalation vulnerability in Group Policy. This was further detailed by the discoverer of the vulnerability on the Cyberark website. The nature of this issue is interesting and worth understanding. For years, Group Policy has had this dichotomy built ... Read More
What's New: DSP 3.0

Take back the keys to your kingdom with the latest release of Semperis Directory Services Protector

| | Uncategorized
Active Directory is foundational to everything you do and the #1 new target for attackers. Since it wasn’t originally built with today’s threats in mind, Active Directory is riddled with inherent soft spots and risky configurations that attackers are readily taking advantage of. We, here at Semperis, are excited to ... Read More
What's New: DSP 3.0

Take Back the Keys to Your Kingdom With the Latest Release of Semperis Directory Services Protector

Active Directory is foundational to everything you do and the #1 new target for attackers. Since it wasn’t originally built with today’s threats in mind, Active Directory is riddled with inherent soft spots and risky configurations that attackers are readily taking advantage of. We, here at Semperis, are excited to ... Read More
Semperis DEMO: Recovering Active Directory cleanly: without re-introducing malware

Cyber Scenarios Expose Shortcomings of BMR

Ransomware and wiper attacks are causing organizations to re-evaluate their backup and recovery capabilities. An obvious concern is whether backups are safe – for example, are they offline where they can’t be encrypted or wiped. While this is a good first step, it’s just that. We also need to evaluate ... Read More
Why Most Organizations Still Can’t Defend against DCShadow – Part 2

Why Most Organizations Still Can’t Defend against DCShadow – Part 2

In part 1 of this blog post, I talked about the threat that DCShadow poses to organizations that use Microsoft Active Directory (AD). Here in part 2, I’ll talk about steps you can take to protect your organization. (Quick recap: DCShadow is a feature of the Mimikatz post-exploitation tool that ... Read More
DCShadow Blog - Adding Domain Admin SID

Why Most Organizations Still Can’t Defend against DCShadow

DCShadow is a readily available technique that allows an attacker to establish persistent privileged access in Active Directory (AD). Specifically, DCShadow allows an attacker with privileged access to create and edit arbitrary objects in AD without anyone knowing. This allows the attacker to create backdoors all over AD that can’t ... Read More

NSA sounds the alarm on BlueKeep: Windows vulnerability opens the door for the next WannaCry

It’s been just over two years since WannaCry, the ransomware that exploited the EternalBlue vulnerability to infect hundreds of thousands of computers around the world and inflict an estimated $8B in damages. If history repeats itself, we’re in for another assault in the next 30 days. On May 14, Microsoft ... Read More
Group Policy Security– Tinkering with External Paths

Group Policy Security– Tinkering with External Paths

If you’ve been following this blog, you know that about 2 and half years ago, I started talking about Group Policy’s precarious role in the typical enterprise’s security posture. Many, if not most, AD shops use GP to perform security hardening on their Windows desktops and servers. This includes everything ... Read More