Semperis Introduces Innovative Security Tools at Black Hat USA 2025



At the highly anticipated Black Hat USA 2025 event, Semperis, a leader in AI-driven security solutions, showcased two groundbreaking tools aimed at enhancing identity security. The demonstrations, featuring renowned security professionals Eric Woodruff and Tomer Nahum, highlighted the urgent need for robust defenses in the face of evolving cyber threats.

Expanding on Identity Threats


Over recent years, as organizations continue their transition to cloud environments, the complexities of securing identity and access management have surged. Semperis identified this critical area, focusing on creating tools that empower security professionals and organizations to anticipate and counteract potential identity threats.

The company unveiled its solutions in the Black Hat Arsenal, a hub for cybersecurity professionals to explore practical demonstrations and tools. Their approach emphasizes hands-on learning, enabling participants to engage directly with these technologies and understand their applications in real-world scenarios.

Highlight: SAMLSmith


One of the core presentations introduces SAMLSmith, an innovative tool for penetrating SAML applications using response forging techniques. This method, while not new, remains largely misunderstood by enterprises, particularly regarding integration with Software as a Service (SaaS) applications and the best practices for securing them. The session emphasizes that SAML response forging can vary in complexity, which makes detection by security operations centers (SOCs) challenging.

During the demonstration, Woodruff and Nahum will showcase how SAMLSmith can be employed to perform a Golden SAML attack against Active Directory Federation Services. This live showcase aims to illustrate the tool's capabilities in exploiting weaknesses in certain SaaS applications while reinforcing the need for extensive knowledge about SAML security.

Introduction to EntraGoat


In addition to SAMLSmith, Semperis introduced EntraGoat, a deliberately vulnerable environment designed to familiarize security professionals, researchers, and penetration testers with the potential security misconfigurations and attack scenarios related to Microsoft Entra ID. This environment allows users to explore various identity and access management (IAM) vulnerabilities and privilege escalation paths in a controlled setting, enhancing their practical knowledge in cloud security.

The session presented by Nahum and Jonathan Elkabas aims to provide attendees with the chance to experiment with identifying and exploiting common flaws that may exist in Entra ID environments. Through this interactive demonstration, participants can learn about proactive security measures that are essential in today's cloud-centric landscape.

Semperis and Its Mission


Semperis is on a mission to secure crucial identity services for enterprises across the globe, equipping teams tasked with safeguarding hybrid and multi-cloud setups. Their AI-powered solutions are tailored for various identity management systems, including Active Directory, Entra ID, and Okta. With an impressive portfolio, Semperis protects over 100 million identities from an array of cyber threats, data breaches, and operational mishaps.

In addition to their technological advancements, Semperis is committed to giving back to the cyber community. They offer a variety of resources, including the acclaimed Hybrid Identity Protection Conference, the HIP Podcast, and free security tools such as Purple Knight and Forest Druid, facilitating education and awareness in the field of identity security.

Headquartered in Hoboken, New Jersey, Semperis proudly serves some of the world’s largest organizations and government agencies, with a customer base spanning over 40 countries.

For more updates, check out their website or follow their social media channels to learn about their latest tools and insights in identity security.
