Top Tips for Protecting Active Directory

Active Directory is one of the most important components of your network. Yet protecting Active Directory can be one of the most challenging tasks on your to-do list. The problem is that AD changes so often and on such a large scale that it’s effectively immune to ordinary change management ... Read More
Hidden Active Directory User

Hiding in Plain Sight — Discovering Hidden Active Directory Objects

| | Active Directory
Note: Updated March 30, 2022 At a past Hybrid Identity Protection Conference, several of us spoke about the ongoing use of Active Directory as a subject of interest in malware attacks. Whether it’s mining AD for information about privileged access, compromising user accounts that lead to increasing levels of privilege ... Read More
Display Specifiers in the Configuration partition

Active Directory Security: Abusing Display Specifiers

I was reminded recently about a feature in AD that I haven’t used in nearly 20 years, one that can be abused by attackers. This feature is based on an area in the Configuration partition within a given Active Directory forest called Display Specifiers. I’m sure these have many roles ... Read More
Good Riddance, Red Forest: Understanding Microsoft’s New Privileged Access Management Strategy

Good Riddance, Red Forest: Understanding Microsoft’s New Privileged Access Management Strategy

| | Active Directory
As far back as 2012, Microsoft released the first version of its important “Mitigating Pass-the-Hash and Credential Theft” whitepapers. In this first version, Microsoft defined the problem of lateral movement and privilege escalation within a Windows Active Directory on-premises environment and included best practices for mitigating these kinds of attacks at the time. Two years later, Microsoft released version 2 ... Read More

Egregor Ransomware Attack on Kmart is a Reminder that Active Directory Needs to Be Protected and Recoverable

| | Ransomware
The latest ransomware-as-a-service attack leaves the well-known retailer, Kmart, with service outages and a compromised Active Directory.   In the wake of Maze ransomware “retiring” last month, many of its affiliates have moved to the new kid on the ransomware block, Egregor. Named after an occult term meaning the collective energy or force ... Read More
New Research: Detecting DCShadow on Rogue Hosts

New Research: Detecting DCShadow on Rogue Hosts

| | DCShadow Attack
10,000-foot view: Many of us are familiar with the variety of tools, attacks, and adversaries that focus on breaching Active Directory. With the release in 2018 of DCShadow, another highly effective vector was added to that ever-increasing list. To the credit of the research team, along with the exploit, they ... Read More

Vulnerabilities in Active Directory: The CISO’s Achilles Heel

| | Active Directory
Understanding how compromises occur is a fundamental part of forming a cybersecurity defense. With that in mind, I recently joined Andy Robbins, co-creator of the open source attack path discovery tool, BloodHound, for a webinar that outlined how attackers target Active Directory (AD). During the presentation, we spotlighted an uncomfortable ... Read More
James Forshaw A Link to the Past: Abusing Symbolic Links on Windows

Understanding Group Policy Privilege Escalation in CVE-2020-1317

| | group policy
Last month, Microsoft released an advisory for CVE-2020-1317 which describes a privilege escalation vulnerability in Group Policy. This was further detailed by the discoverer of the vulnerability on the Cyberark website. The nature of this issue is interesting and worth understanding. For years, Group Policy has had this dichotomy built ... Read More
What's New: DSP 3.0

Take Back the Keys to Your Kingdom With the Latest Release of Semperis Directory Services Protector

Active Directory is foundational to everything you do and the #1 new target for attackers. Since it wasn’t originally built with today’s threats in mind, Active Directory is riddled with inherent soft spots and risky configurations that attackers are readily taking advantage of. We, here at Semperis, are excited to ... Read More
What's New: DSP 3.0

Take back the keys to your kingdom with the latest release of Semperis Directory Services Protector

| | Uncategorized
Active Directory is foundational to everything you do and the #1 new target for attackers. Since it wasn’t originally built with today’s threats in mind, Active Directory is riddled with inherent soft spots and risky configurations that attackers are readily taking advantage of. We, here at Semperis, are excited to ... Read More