Sydney, Australia — July 17, 2025 — Semperis, a provider of AI-powered identity security and cyber resilience, today released new research detailing Golden dMSA, a critical design flaw active in delegated Managed Service Accounts (dMSAa) in Windows Server 2025. The flaw can result in high-impact attacks, enabling cross-domain lateral movement and persistent access to all managed service accounts and their resources across Active Directory indefinitely.

To help further understanding of how this attack technique works in practice, Semperis Researcher Adi Malyanker built a tool called GoldenDMSA. The tool incorporates the logic of the attack, allowing users to efficiently explore, evaluate, and simulate how the technique may be exploited in real-world environments.

The Golden dMSA attack leverages a cryptographic vulnerability that can undermine Microsoft’s latest security innovation in Windows Server 2025. This technique exploits the architectural foundation of dMSAs. The attack leverages a critical design flaw: the ManagedPasswordId structure contains predictable time-based components with only 1,024 combinations, making brute-force password generation computationally trivial.

“Golden dMSA exposes a critical design flaw that could let attackers generate service account passwords and persist undetected in Active Directory environments,” said Malyanker. “I built a tool that helps defenders and researchers better understand the mechanism of the attack. Organisations should proactively assess their systems to stay ahead of this emerging threat.”

Semperis researchers, pioneers in identity threat detection, recently announced new research into nOauth, a known vulnerability in Microsoft’s Entra ID that enables full account takeover in vulnerable SaaS apps with minimal attacker effort. In addition, new detection capabilities were developed in the company’s Directory Services Protector platform to enable defense against BadSuccessor, a high-severity privilege escalation technique targeting a newly introduced feature in Windows Server 2025. Last year, Semperis researchers discovered Silver SAML, a new variant of the SolarWinds-era Golden SAML technique that bypasses standard defenses in Entra ID-integrated applications.

To read the full research blog, visit: https://www.semperis.com/blog/golden-dmsa-what-is-dmsa-authentication-bypass

About Semperis

Semperis protects critical enterprise identity services for security teams charged with defending hybrid and multi-cloud environments. Purpose-built for securing hybrid identity environments—including Active Directory, Entra ID, and Okta—Semperis’ AI-powered technology protects over 100 million identities from cyberattacks, data breaches, and operational errors.

As part of its mission to be a force for good, Semperis offers a variety of cyber community resources, including the award-winning Hybrid Identity Protection (HIP) Conference, HIP Podcast, and free identity security tools Purple Knight and Forest Druid. Semperis is a privately owned, international company headquartered in Hoboken, New Jersey, supporting the world’s biggest brands and government agencies, with customers in more than 40 countries.