Purple Knight Scoring Improves Understanding of Identity System Security Vulnerabilities
Our latest Purple Knight (PK) v4.2 release introduces fundamental changes, particularly concerning the new scoring calculation. Changing from a broader approach that considered all indicators, we’ve now zeroed in on... The post Purple Knight Scoring Improves Understanding of Identity System Security Vulnerabilities appeared first on Semperis ... Read More
Closing Attack Paths to Tier 0 Assets with Forest Druid
After announcing Forest Druid, our free Tier 0 attack path discovery tool, at Black Hat 2022, we’ve used it to help some of the largest organizations in the world close off attack paths to Tier 0 Active Directory assets. Our work with these organizations has validated that defenders can save ... Read More
Detecting and Mitigating the PetitPotam Attack on Windows Domains
Fresh on the heels of PrintNightmare and SeriousSam, we now have another high-impact attack vector on Windows domains that is relatively easy to carry out and difficult to mitigate. What is now being hailed across Twitter as #PetitPotam is a combination of several attacks that require only network access with ... Read More
What You Need to Know about PrintNightmare, the Critical Windows Print Spooler Vulnerability
Update July 6, 2021: Microsoft has released a patch for CVE 2021-34527, available here. Another week, another critical vulnerability. The latest critical security flaw is dubbed “PrintNightmare,” a reference to two vulnerabilities in the Windows Print Spooler service—CVE 2021-1675 and CVE 2021-34527, published between June and July 2021. CVE 2021-1675 ... Read More
