Related Links

Semperis, a provider of AI-powered identity security and cyber resilience, released new research detailing Golden dMSA, a critical design flaw active in delegated Managed Service Accounts (dMSA) in Windows Server 2025.

The flaw can result in high-impact attacks, enabling cross-domain lateral movement and persistent access to all managed service accounts and their resources across Active Directory indefinitely.

Attack technique

To help further understanding of how this attack technique works in practice, Semperis researcher Adi Malyanker built a tool called GoldenDMSA.

The tool incorporates the logic of the attack, allowing users to efficiently explore, evaluate, and simulate how the technique may be exploited in real-world environments. The Golden dMSA attack leverages a cryptographic vulnerability that can undermine Microsoft's latest security innovation in Windows Server 2025. This technique exploits the architectural foundation of dMSAs.  

Critical design flaw

The ManagedPasswordId structure contains predictable time-based components with only 1,024 combinations

The attack leverages a critical design flaw: the ManagedPasswordId structure contains predictable time-based components with only 1,024 combinations, making brute-force password generation computationally trivial.

Golden dMSA exposes a critical design flaw that could let attackers generate service account passwords and persist undetected in Active Directory environments,” said Malyanker.

I built a tool that helps defenders and researchers better understand the mechanism of the attack. Organisations should proactively assess their systems to stay ahead of this emerging threat.”

New research

Semperis researchers, pioneers in identity threat detection, recently announced new research into nOauth, a known vulnerability in Microsoft’s Entra ID that enables full account takeover in vulnerable SaaS apps with minimal attacker effort.

In addition, new detection capabilities were developed in the company’s Directory Services Protector platform to enable defence against BadSuccessor, a high-severity privilege escalation technique targetting a newly introduced feature in Windows Server 2025.

Last year, Semperis researchers discovered Silver SAML, a new variant of the SolarWinds-era Golden SAML technique that bypasses standard defences in Entra ID-integrated applications.

Stay ahead of the trends on securing physical access control systems through layered cybersecurity practices.

Related videos

Insta DomainLink Secret™

Insta DomainLink Secret™
Wan 2.2-S2V demo video: Female singer

Wan 2.2-S2V demo video: Female singer
Dahua MultiVision Online Event - Look Wider, Protect Deeper

Dahua MultiVision Online Event - Look Wider, Protect Deeper

In case you missed it

What are emerging applications for physical security in transportation?
What are emerging applications for physical security in transportation?

Transportation systems need robust physical security to protect human life, to ensure economic stability, and to maintain national security. Because transportation involves moving...

Gallagher & Fortified enhance perimeter security solutions
Gallagher & Fortified enhance perimeter security solutions

Global security manufacturer - Gallagher Security is proud to announce a strategic partnership with Fortified Security, a pioneering perimeter systems integrator with over 30 years...

Genetec: Data sovereignty in physical security
Genetec: Data sovereignty in physical security

Genetec Inc., the global pioneer in enterprise physical security software, highlights why data sovereignty has become a central concern for physical security leaders as more survei...

Featured white papers
One system, one card

One system, one card

Download
Aligning physical and cyber defence for total protection

Aligning physical and cyber defence for total protection

Download
Understanding AI-powered video analytics

Understanding AI-powered video analytics

Download
Enhancing physical access control using a self-service model

Enhancing physical access control using a self-service model

Download
How to implement a physical security strategy with privacy in mind

How to implement a physical security strategy with privacy in mind

Download
More corporate news
Enveil ZeroReveal 6.0: Revolutionising data security

Enveil ZeroReveal 6.0: Revolutionising data security
Keenfinity expands in security tech market

Keenfinity expands in security tech market
VIPRE's advanced email threat protection

VIPRE's advanced email threat protection
Featured products
Dahua Smart Dual Illumination Active Deterrence Network PTZ Camera

Dahua Smart Dual Illumination Active Deterrence Network PTZ Camera
Hikvision DS-K6B630TX: Smart Pro Swing Barrier for Modern Access Control

Hikvision DS-K6B630TX: Smart Pro Swing Barrier for Modern Access Control
Climax Mobile Lite: Advanced Personal Emergency Response System (PERS)

Climax Mobile Lite: Advanced Personal Emergency Response System (PERS)