by | Mar 22, 2022 | Semperis
In 2019, the Financial Conduct Authority (FCA) proposed changes to how institutions within the UK financial sector ensure operational resilience, particularly against the threat of cyberattacks. The FCA will start enforcing the guidance on March 31, 2022. All...
by | Mar 1, 2022 | Semperis
This article introduces a new attack targeting Group Managed Service Accounts (gMSA), dubbed the “Golden GMSA” attack, allowing attackers to dump Key Distribution Service (KDS) root key attributes and then generate the password for all the associated gMSAs offline. ...
by | Feb 28, 2022 | Semperis
As the world continues to embrace digital transformation and distributed work, businesses will continue to deploy SaaS apps—while continuing to use on-premises tools. Hybrid ecosystems are becoming increasingly common as a result. Unfortunately, current identity and...
by | Feb 25, 2022 | Semperis
Cyberattacks targeting Active Directory are on the upswing, putting pressure on AD, identity, and security teams to monitor the constantly shifting AD-focused threat landscape. To help IT pros better understand and guard against attacks involving AD, the Semperis...
by Darrenlux23dWoldVent | Feb 24, 2022 | Semperis
Some people are a hammer in search of a nail, but I’m a hammer in search of Kerberos delegation. So, when I heard that a WriteSPN edge was introduced to BloodHound 4.1, I started exploring alternative abuse techniques beyond targeted Kerberoasting, and I found an edge...
by Darrenlux23dWoldVent | Feb 24, 2022 | Semperis
Guido Grillenmeier, Semperis Chief Technologist, will contribute a presentation, “Combating an ongoing attack on an identity system,” at the 18th German IT Security Congress, an event hosted by the German Federal Office for Information Security. The 18th German IT...
