LDAPNightmare Explained

LDAPNightmare, recently published by SafeBreach Labs, is a proof-of-concept exploit of a known Windows Lightweight Directory Access Protocol (LDAP) denial-of-service vulnerability (CVE-2024-49113). What is LDAPNightmare, how dangerous is this exploit, and how ...

Zerologon Exploit Explained

In a Zerologon exploit, an attacker with access to a network takes advantage of a critical flaw in the Netlogon Remote Protocol (MS-NRPC) to impersonate any computer, including a domain controller (DC) ...

Kerberoasting Explained

A recent report from the cybersecurity agencies in the Five Eyes alliance, including CISA and the NSA, urges organizations to strengthen the security of their Microsoft Active Directory (AD) deployments—a prime target ...

DCSync Attack Explained

Cybersecurity agencies from the Five Eyes alliance, including CISA and the NSA, are urging organizations to strengthen security around Microsoft Active Directory (AD), a prime target for cyberattackers. The alliance’s recent report ...

A New App Consent Attack: Hidden Consent Grant

Key findings: Within Microsoft Azure, the Directory.ReadWrite.All permission holds significant implications. This permission enables a multitude of actions, including user editing and access to all data within the directory. Sound...

UnOAuthorized: Privilege Elevation Through Microsoft Applications

This article details a series of Semperis security research team discoveries that resulted in the ability to perform actions in Entra ID beyond expected authorization controls, based on analysis of...

How to Defend Against SPN Scanning in Active Directory

Service Principal Name (SPN) scanning is a reconnaissance technique that attackers use in Active Directory environments. This method enables attackers to discover valuable services and associated accounts, which can be...

How to Defend Against Password-Spraying Attacks

In the ever-evolving and complex cybersecurity landscape, Active Directory remains a critical infrastructure component for managing network resources and user authentication. However, its centrality also makes it a prime target...

How to Defend Against SID History Injection

Security Identifier (SID) History injection is a sophisticated cyberattack vector that targets Windows Active Directory environments. This attack exploits the SID History attribute, which is intended to maintain user access...

How to Defend Against LDAP Injection Attacks

LDAP injection represents a formidable cyberattack vector, targeting the authentication and authorization mechanisms within your Active Directory environment. By exploiting improper input validation, attackers can manipulate LDAP statements and potentially...