Vlado Vajdic (@vvlado)'s Twitter Profile
Vlado Vajdic

@vvlado

post quantum cryptography

ID: 22227248

28-02-2009 04:14:54

5,5K Tweet

383 Followers

542 Following

Semperis (@semperistech)

Ransomware threats are going offline — literally. Our new 2025 Global Ransomware Report shows cybercriminals are now threatening physical harm to victims who don't pay up. This isn’t just cyber risk — it's personal risk. 🔗 theregister.com/2025/07/31/ran…

Tomer Nahum (@tomernahum1)

Today, together with Jonathan Elkabas, we're releasing EntraGoat - A Deliberately Vulnerable Entra ID Environment. Your own hands-on Entra lab for identity attack simulation. Built for red teams, blue teams and identity nerds. Check it out here👉github.com/semperis/entra…

Epic Plain (@epicplain)

Quantum computing exposes Active Directory to urgent new risks - SecurityBrief Australia securitybrief.com.au/story/quantum-… #QuantumComputing

Dino A. Dai Zovi (@dinodaizovi)

This article is really interesting to me: red.anthropic.com/2025/cyber-too… What if the most pressing security problem to solve with LLMs is how to defend against attackers using them to perform relatively repeatable attacks (e.g. install ransomware on low-to-mid defended environments)?

💻🥷 WarthogTK 🩺 🇺🇦🇪🇺✈️ (@warthogtk)

Turning your Active Directory into the attacker’s C2: Modern Group Policy Objects enumeration and exploitation. Defcon 33 slides: media.defcon.org/DEF%20CON%2033… Tool: github.com/synacktiv/OUned

Steven Lim (@0x534c)

🧵 Red teams are shifting to stealthier AD enumeration via Active Directory Web Services (ADWS) over port 9389. Tools like SOAPHound, SoaPy & ShadowHound wrap LDAP queries in SOAP, bypassing traditional detections. ipurple.team/2025/08/12/act… A KQL to detect this type of AD

Will (@bushidotoken)

ICYMI: Was just perusing the latest CrowdStrike 2025 Threat Hunting report (crowdstrike.com/en-us/resource…) and check this wild timeline for Scattered Spider - from account takeover to Entra ID bulk user export in <5 minutes 👀

Fabian Bader (@fabian_bader)

Wanna play around with #KQL and #Graph? Microsoft just released sample datasets to play around and look at this gorgeous visualization for the #Bloodhound schema they offer! Thanks Henning Rauch 🥰 learn.microsoft.com/en-us/kusto/qu…

Horizon3.ai (@horizon3ai)

🚨 Fortinet RCE: There's a new critical vulnerability in #FortiSIEM. CVE‑2025‑25256 allows for unauthenticated #RCE attacks, allowing an attacker to gain complete control over the affected system. This includes accessing sensitive data, modifying or deleting system resources,

Cohesity (@cohesity)

AD recovery is no simple fix; it’s a high-stakes strategy. The right prep, automation, and testing separate organizations that recover fast from those that crumble. Learn how leaders prepare before disaster strikes with Travers Clyde + Cohesity: cohesity.co/41Lm6fq

Mehmet Ergene (@cyb3rmonk)

🚨Detect Actor Token Abuse (#CVE-2025-55241) After verifying the details with Dirk-jan, I created a query to detect Actor Token abuse, regardless of the activity involved. The idea is simple: If these activities are S2S, they should originate from Microsoft service IPs. 🧐

📔 Michael Grafnetter (@mgrafnetter)

Getting ready for my "Domain Controller Firewall: Fact or Fiction" session at #HIPConf25, focusing on the Infrastructure as Code (IaC) approach to Windows Firewall policy management, RPC filters, outbound traffic, hybrid environment challenges, and network service discovery.

Orin Thomas (@orinthomas)

Pass the free Active Directory Administrator practical applied skill test learn.microsoft.com/en-us/credenti… and go into the draw to win 50% off your next Microsoft certification exam. Details at: learn.microsoft.com/en-us/credenti…

Steven Lim (@0x534c)

This article explores a novel attack technique that combines Ghost SPNs and Kerberos reflection to elevate privileges on SMB servers, highlighting a critical gap in traditional detection methods. It details how attackers can exploit stale or misconfigured Service Principal Names

Jim Sykora (@jimsycurity)

AdminSDHolder is kinda my jam. I wrote the e-book on it. If you work with Active Directory, I highly recommend you give this a skim, or at least check the spoilers in the blog.

Practical 365 (@practical365)

In this blog, we explore why break-glass accounts are your lifeline when identity systems fail. Learn more here: practical365.com/lifeline-or-li…

780th Military Intelligence Brigade (Cyber) (@780thc)

US army cyber chief: 'The general public does not and usually will never be able to know the extent of America's cyber successes versus its adversaries' | jpost.com/defense-and-te… The Jerusalem Post