Comment from Semperis on Log4j
January 2022 by Sean Deuby, Director of Services, Semperis
A comment below from Sean Deuby on the Log4j vulnerability.
"According to a ThreatPost report (https://threatpost.com/conti-ransom...), Conti ransomware group has weaponized the Log4j vulnerability. In this case, Log4j is used at the other end of the kill chain: Once they have domain dominance, they use it for reconnaissance and privilege escalation in the application they want to access (in this case, VMware). But as always, Active Directory is central to the attack: The threat actors use it to gain the ability to freely move throughout the network to achieve their ends."
Sean Deuby, Director of Services, Semperis
Sean Deuby brings 30 years’ experience in Enterprise IT and Hybrid Identity to his role as Director of Services at Semperis. An original architect and technical leader of Intel’s Active Directory and Texas Instruments’ Windows NT network, and a 15-time MVP alumnus, Sean has been involved with Microsoft identity technology since its inception. His experience as an identity strategy consultant for many Fortune 500 companies gives him a broad perspective on the challenges of today’s identity-centered security. Sean is also an industry journalism veteran; as former technical director for Windows IT Pro, he has over 400 published articles on Active Directory, Azure Active Directory and related security, and Windows Server. He has presented sessions at multiple CIS / Identiverse conferences.