www.semperis.com
141.193.213.20

Submitted URL: https://semperis2.orthemisto.com/api/mailings/click/PMRGSZBCHIYTENJXG44TQLBCOVZGYIR2EJUHI5DQOM5C6L3XO53S443FNVYGK4TJOMXGG33NF5RGY...
Effective URL: https://www.semperis.com/blog/do-you-know-your-active-directory-security-vulnerabilities/
Submission: On March 15 via manual from US — Scanned from DE

DO YOU KNOW YOUR ACTIVE DIRECTORY SECURITY VULNERABILITIES?

By Sean Deuby March 18, 2021 | Active Directory

Microsoft Active Directory security involves dealing with a mixed bag of risks,
ranging from management mistakes to unpatched vulnerabilities. We often write
about the fact that cyber-attackers are targeting AD to elevate privileges and
gain persistence in the organization. Investigate a typical data breach, and
you’ll find that stolen credentials likely were used—sometimes for initial
entry, sometimes for accessing critical systems, but always to the detriment of
the targeted organization.

Hardening AD begins with getting a handle on the vulnerabilities and common
configuration and management mishaps that pave the road to compromises. To
defend AD, administrators need to know how attackers are targeting their
environment. How many, however, can pass a pop quiz about the types of security
holes threat actors are sneaking through as they move through the steps of the
breach?


AUTHENTICATION FAIL

It seems ironic, but some of the most prevalent and damaging configuration
errors impacting Active Directory are related to the authentication process.
Consider a scenario where an organization has a third-party or home-grown
application that doesn’t integrate with AD but needs to query AD for active
users. The easiest route is to simply enable anonymous access to Active
Directory. While this action might make sense from a productivity standpoint for
busy administrators, it also allows unauthenticated users to query AD. If that
capability is enabled without mitigating controls, the risk profile of that
organization is going to increase substantially.

The Zerologon vulnerability reported in 2020 was quickly exploited by attackers
because it allowed them to change or remove the password for a service account
on a domain controller. The results of a successful exploit could be
catastrophic. Weak passwords, non-expiring passwords, no passwords—all these are
warning signs that an organization’s AD environment is not secure.

Secure password policies should be the order of the day throughout the Active
Directory infrastructure. Any account with the PASSWD_NOTREQD flag set should
automatically draw additional scrutiny and have a justifiable reason for its
configuration. Additionally, passwords—especially service account
passwords—should be periodically rotated. Leaving passwords unchanged for
lengthy amounts of time increases the likelihood of a successful brute force
attack, as attackers will have more time to take swipes at them.

Authentication issues to watch for include:

 1. Computers and Group Managed Service Accounts (gMSA) objects with passwords
    set over 90 days ago
 2. Reversible passwords found in Group Policy Objects (GPOs)
 3. Anonymous access to Active Directory enabled
 4. Zerologon vulnerability (CVE-2020-1472) if the patch is not applied.
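
The account-level checks above (the PASSWD_NOTREQD flag, non-expiring passwords, and computer or gMSA passwords set over 90 days ago) can be run over exported account attributes. This is an added example, not code from Semperis or Purple Knight; the record layout, account names and fixed audit date are constructed, and skipping disabled accounts for the age check is an assumption of the example.

```python
from datetime import datetime, timedelta, timezone

# userAccountControl bit flags (documented Microsoft values)
UAC_ACCOUNTDISABLE = 0x0002
UAC_PASSWD_NOTREQD = 0x0020
UAC_DONT_EXPIRE_PASSWORD = 0x10000

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
MAX_MACHINE_PASSWORD_AGE = timedelta(days=90)
MACHINE_CLASSES = {"computer", "msDS-GroupManagedServiceAccount"}


def filetime_to_datetime(ticks):
    """pwdLastSet counts 100 ns ticks since 1601-01-01 UTC; 0 means never set."""
    if ticks == 0:
        return None
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def datetime_to_filetime(moment):
    """Inverse conversion, used here only to build the constructed sample."""
    return ((moment - FILETIME_EPOCH) // timedelta(microseconds=1)) * 10


def audit_account(record, now):
    """Return the list of authentication findings for one exported account."""
    uac = int(record["userAccountControl"])
    findings = []
    if uac & UAC_PASSWD_NOTREQD:
        findings.append("PASSWD_NOTREQD set")
    if uac & UAC_DONT_EXPIRE_PASSWORD:
        findings.append("password never expires")
    is_machine = record["objectClass"] in MACHINE_CLASSES
    # Assumption of this example: disabled machine accounts are skipped for
    # the age check, since they no longer rotate their password.
    if is_machine and not (uac & UAC_ACCOUNTDISABLE):
        last_set = filetime_to_datetime(int(record["pwdLastSet"]))
        if last_set is None:
            findings.append("password never set")
        elif now - last_set > MAX_MACHINE_PASSWORD_AGE:
            findings.append(f"password set {(now - last_set).days} days ago")
    return findings


def audit(records, now):
    """Map sAMAccountName -> findings, omitting accounts with none."""
    report = {}
    for record in records:
        findings = audit_account(record, now)
        if findings:
            report[record["sAMAccountName"]] = findings
    return report


# Constructed sample data: a fixed audit date and six made-up accounts.
NOW = datetime(2021, 3, 18, tzinfo=timezone.utc)


def _sample(name, object_class, uac, days_since_change):
    ticks = 0 if days_since_change is None else datetime_to_filetime(
        NOW - timedelta(days=days_since_change))
    return {"sAMAccountName": name, "objectClass": object_class,
            "userAccountControl": uac, "pwdLastSet": ticks}


SAMPLE = [
    _sample("svc-legacy", "user", 0x200 | 0x20 | 0x10000, 400),
    _sample("WKS-0412$", "computer", 0x1000, 200),
    _sample("gmsa-sql$", "msDS-GroupManagedServiceAccount", 0x1000, 12),
    _sample("WKS-0001$", "computer", 0x1000, None),
    _sample("OLD-PC$", "computer", 0x1000 | 0x2, 900),
    _sample("alice", "user", 0x200, 30),
]

if __name__ == "__main__":
    for account, findings in audit(SAMPLE, NOW).items():
        print(f"{account}: {'; '.join(findings)}")
```
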


PERMITTING EXCESSIVE PERMISSIONS

As most AD environments have been in production for many years, their attack
surfaces have grown. Many of a forest’s accumulated vulnerabilities can be
traced back to the pattern that someone needs something done, usually in a
hurry, and the least-privilege path to get that done is too time-consuming, not
easily available, or simply not known. As a result, the user or group or
permission is over-privileged just to ensure the request will be satisfied and
the ticket closed. And of course, that entitlement is never ever removed, so the
attack surface simply grows and grows.  

In reality, it’s not uncommon for AD environments to have unnecessarily high
numbers of domain administrators—a fact that can be even more troubling if those
accounts are orphaned and are simply waiting to be leveraged in an attack.
Service accounts with excess permissions also pose a high risk because their
passwords are usually set to not expire, and many of them will have weak
passwords (which makes them a good kerberoasting target). As the number of users
with administrative privileges grows, so does the attack surface that needs to
be protected. Membership in these groups should be tightly controlled.

Mistakes happen, of course. As an AD environment grows larger and more complex,
for example, someone might fail to properly account for inherited permissions
and inadvertently grant an account too many privileges. But even properly
managing privilege delegation is not enough with attackers taking the offensive.

As an example, consider the impact of an AdminSDHolder attack. Just as a
refresher, the AdminSDHolder container stores the Security Descriptor applied to
privileged groups. By default, every 60 minutes, the Security Descriptor
Propagation (SDPROP) process compares the permissions on protected objects and
reverses any discrepancies according to what is defined in AdminSDHolder.

In an AdminSDHolder attack, threat actors exploit SDPROP to maintain persistence
by replacing the permissions of an object with the attacker’s unauthorized
modifications. If the permission changes are identified and undone, but the
unauthorized changes to AdminSDHolder are undetected, the attacker’s changes
will be reinstated.

Auditing permissions and monitoring for suspicious activity is the best defense
against the abuse of privileges.

Permission issues to watch for include:

 1. Privileged objects with unprivileged owners
 2. Permission changes on the AdminSDHolder object
 3. Unprivileged users with DC Sync rights on the domain
 4. Default security descriptor schema changes in the last 90 days
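
Two of the permission checks above, changes on the AdminSDHolder object and unprivileged trustees with DC Sync rights on the domain, can be audited from security descriptors exported as SDDL strings. This is an added example, not code from Semperis or Purple Knight; the SDDL strings and SIDs are constructed, and the set of trustees treated as privileged is an assumption to adjust per environment.

```python
import re
from collections import namedtuple

Ace = namedtuple("Ace", "type flags rights object_guid inherit_guid trustee")

# Extended-right GUIDs for directory replication; both are needed for DC Sync.
REPL_GET_CHANGES = "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2"
REPL_GET_CHANGES_ALL = "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2"
DCSYNC_RIGHTS = {REPL_GET_CHANGES, REPL_GET_CHANGES_ALL}
ADS_RIGHT_DS_CONTROL_ACCESS = 0x100

# Assumption: SDDL aliases treated as privileged in this example. Trustees are
# compared literally; group membership is not resolved.
PRIVILEGED_TRUSTEES = {"SY", "BA", "DA", "EA", "ED"}


def _pairs(text):
    """Split an SDDL flag or rights string into its two-letter tokens."""
    return {text[i:i + 2] for i in range(0, len(text), 2)}


def parse_dacl(sddl):
    """Return the ACEs of the D: (DACL) part only; the S: (SACL) is ignored."""
    match = re.search(r"D:[A-Z]*((?:\([^()]*\))+)", sddl)
    if not match:
        return []
    aces = []
    for body in re.findall(r"\(([^()]*)\)", match.group(1)):
        fields = (body.split(";") + [""] * 6)[:6]
        fields[3] = fields[3].lower()  # GUID case varies between exports
        aces.append(Ace(*fields))
    return aces


def has_control_access(rights):
    """True if the rights field grants extended rights (CR, GA or hex 0x100)."""
    if rights.lower().startswith("0x"):
        return bool(int(rights, 16) & ADS_RIGHT_DS_CONTROL_ACCESS)
    return bool(_pairs(rights) & {"CR", "GA"})


def added_aces(baseline_sddl, current_sddl):
    """ACEs present now but absent from the known-good AdminSDHolder baseline."""
    baseline = set(parse_dacl(baseline_sddl))
    return [ace for ace in parse_dacl(current_sddl) if ace not in baseline]


def dcsync_trustees(domain_sddl):
    """Non-privileged trustees allowed both replication rights on the domain."""
    granted = {}
    for ace in parse_dacl(domain_sddl):
        if ace.type not in ("A", "OA") or not has_control_access(ace.rights):
            continue
        if "IO" in _pairs(ace.flags):
            continue  # inherit-only ACEs do not apply to the domain object
        if ace.object_guid == "":
            rights = DCSYNC_RIGHTS  # no object GUID: all extended rights
        elif ace.object_guid in DCSYNC_RIGHTS:
            rights = {ace.object_guid}
        else:
            continue
        granted.setdefault(ace.trustee, set()).update(rights)
    return sorted(trustee for trustee, rights in granted.items()
                  if rights >= DCSYNC_RIGHTS
                  and trustee not in PRIVILEGED_TRUSTEES)


# Constructed sample data (made-up SIDs and descriptors).
SID = "S-1-5-21-1111111111-2222222222-3333333333-"
HELPDESK, SYNC_SVC, INHERIT_ONLY, ALL_EXT = (SID + rid for rid in
                                             ("1105", "1106", "1107", "1108"))
ADMINSDHOLDER_BASELINE = ("O:DAG:DAD:PAI(A;;GA;;;SY)"
                          "(A;;CCDCLCSWRPWPLOCRSDRCWDWO;;;BA)(A;;LCRPLORC;;;AU)")
ADMINSDHOLDER_CURRENT = ADMINSDHOLDER_BASELINE + f"(A;;GA;;;{HELPDESK})"
DOMAIN_SDDL = (
    "O:BAG:BAD:AI"
    f"(OA;;CR;{REPL_GET_CHANGES};;ED)(OA;;CR;{REPL_GET_CHANGES_ALL};;ED)"
    f"(OA;;CR;{REPL_GET_CHANGES};;BA)(OA;;CR;{REPL_GET_CHANGES_ALL};;BA)"
    f"(OA;;CR;{REPL_GET_CHANGES};;{HELPDESK})"
    f"(OA;;CR;{REPL_GET_CHANGES_ALL.upper()};;{HELPDESK})"
    f"(OA;;CR;{REPL_GET_CHANGES};;{SYNC_SVC})"
    f"(A;CIIO;GA;;;{INHERIT_ONLY})"
    f"(A;;CR;;;{ALL_EXT})"
    "(A;;GA;;;DA)"
    "S:AI(AU;SA;WP;;;WD)"
)

if __name__ == "__main__":
    for ace in added_aces(ADMINSDHOLDER_BASELINE, ADMINSDHOLDER_CURRENT):
        print("AdminSDHolder ACE not in baseline:", ace)
    for trustee in dcsync_trustees(DOMAIN_SDDL):
        print("Unexpected DC Sync rights:", trustee)
```
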


CHEAT SHEET FOR SECURITY

Armed with information about indicators of exposure (IOEs), organizations can
strengthen their AD’s security. One tool that can help is Purple Knight, a free
AD security audit tool that Semperis released in March. Purple Knight queries
your Active Directory environment in “read-only” mode and performs a
comprehensive set of tests against the most common and effective attack vectors
to uncover risky configurations and security weaknesses.

Scanning Active Directory provides insight into its security posture and reduces
the risk of unauthorized changes or misconfigurations going undetected. AD
administrators need to know more than their craft; they also need to know the
tactics of their adversaries. By keeping critical warning signs top of mind,
they can harden AD against common attacks.

 

About the author
Sean Deuby, Director of Services
Sean brings 30 years’ experience in enterprise IT and hybrid identity to his
role as Director of Services at Semperis. An original architect and technical
leader of Intel's Active Directory, Texas Instruments’ NT network, and 15-time
MVP alumnus, Sean has been involved with Microsoft identity since its inception.
Since then, his experience as an identity strategy consultant for many Fortune
500 companies gives him a broad perspective on the challenges of today's
identity-centered security. Sean is an industry journalism veteran; as former
technical director for Windows IT Pro, he has over 400 published articles on AD,
hybrid identity, and Windows Server.