My friends know I’m a movie buff. Being also a mixed martial enthusiast, one of my all-time favorites is Fight Club, based on Chuck Palahniuk’s first novel. The story is about an identity crisis: rebelling against consumerism, trying to find truth and meaning in life, and becoming a “real” person unburdened by societal pressures. Ironically, the unnamed narrator ultimately gets trapped in the identity of his alter-ego, Tyler Durden, spiraling down a destructive path—the opposite of enlightenment. To the external world, there’s no distinction between the imposter and the increasingly unreliable narrator, who is left asking, “Is Tyler my bad dream? Or am I Tyler’s?”

Fight Club is a dark take on the power of identity as a weapon and the ripple effect of unchallenged access. Rewatching the movie recently, I couldn’t help but compare the core themes to cybersecurity.

We’ve got an identity crisis in cybersecurity—excessive privileges.

Identity continues to be a prime target for threat actors, with credential misuse still being among the most successful attack vectors. As an industry, we need to do a better job of stopping permissions creep and reducing unnecessary access, which forms 99% of attack paths into critical assets. I know, easier said than done. In a typical Active Directory and Entra ID environment, there’s an endless amount of attack paths available for adversaries to reach domain dominance. From there, the adversary gets virtually unrestrained access to your organization’s entire network and resources.

The first rule of attack path analysis is to start with your Tier 0 assets.

So, where do you start? A few years ago, the Semperis research team unveiled a free Tier 0 attack path analysis tool for AD and Entra ID at Black Hat Arsenal. The tool, Forest Druid, helps organizations define a permissions perimeter and reduce risky relationships at the source: the Tier 0 assets and surrounding entities that attackers can exploit to gain privileges. Today, Forest Druid is used by thousands of security teams around the world. And yes, it’s still free!

We’ve got plenty of training material to get you up to speed with Forest Druid. Here’s a recent blog from Huy Kha, formerly a Microsoft GHOST security researcher and incident responder on (DART), about strengthening incident response with Forest Druid.

Check out our threat research sessions and meet our team at Black Hat.

This year at Black Hat, we’ll present new threat research on exploiting vulnerabilities in Entra ID. No sponsored “thought leadership” sessions—just raw, in-the-weeds research from a few of the brightest minds in the industry.

UnOAuthorized: A Technique to Privilege Escalation to Global Administrator | Briefings Cloud Security & Enterprise Security Track: 

Wednesday, August 7

4:20-5:00 pm PT

Speaker: Eric Woodruff, Senior Security Researcher, Semperis

Silver SAML Forger: Tooling to craft forged SAML responses from Entra ID | Arsenal Track

Thursday, August 8

1:55–3:15 pm PT

Speakers: Eric Woodruff, Senior Security Researcher, Semperis, and Tomer Nahum, Security Researcher, Semperis

Our team is showing up in force at Black Hat, so look out for the Fight Club-inspired “Hello, My Name Is” t-shirts below and say hi. We’ve got plenty of opportunities for you to meet with our identity experts.

Tyler Durden’s Project Mayhem is fictitious but cyber threats aren’t.

Durden’s campaign to obliterate civilization by spreading chaos isn’t so unlike the goal of the real-life cyber adversaries who attack hospitals, pipelines, 9-1-1 call centers, schools, and service providers to critical infrastructure—nothing is off limits. This multi-billion-dollar ransomware industry finances illegal narcotics, weapons, terrorism, human trafficking, and child exploitation globally. Our 2024 ransomware survey of 900 IT and security pros reveals 78% of organizations targeted by ransomware paid the ransom, and most got hit multiple times.

As part of our mission to be a force for good, Semperis continues to build free tools for the community, like Purple Knight and Forest Druid, and to update all our solutions with the latest threat research. Download the tools today, give them a spin, and reach out to speak with a Semperis expert. We’re in the fight together!

See you at cyber summer camp (i.e., BH/Defcon)!

Mickey Bresman, Semperis CEO

The post Hello, My Name Is Domain Admin appeared first on Semperis.