Breaking Entra: Real-World Cloud Identity Attacks You Can Recreate
Identity has become the new perimeter and in Microsoft Entra ID (formerly Azure Active Directory), it’s also the easiest one to break. Misconfigured apps, over-scoped permissions, and weak conditional access open the door to attackers who know where to look. In this talk, we’ll walk through real-world Entra ID misconfigurations that led to privilege escalation and domain-wide compromise all of which have been reproduced in EntraGoat, a new open-source lab that simulates these attack paths in a CTF-style environment. You’ll see step-by-step demos of how attackers exploit these flaws, how defenders can detect them, and how you can use the lab to train, teach, or test in your own environment. Whether you’re red team, blue team, or just Entra-curious, you’ll walk away with practical techniques and a tool to keep practicing. EntraGoat - https://github.com/semperis/entragoat
Speaker
Jonathan Elkabas
Security Researcher
Hey! I'm a security researcher at Semperis, where I spend my days wrangling digital identities, taming identity providers (IdPs), and keeping non-human accounts from getting too ambitious. I build Indicators of Attack, Compromise, and Exposure focused on Active Directory, Okta and Microsoft Entra ID, working closely with product and engineering teams to make enterprise identity security a little smarter - and a lot harder to break.... read more
Tomer Nahum
Security Research Team Lead
Tomer Nahum is a Security Researcher at Semperis, where he works to find new attacks, and how to defend against them, in on-prem identity stacks such as Active Directory, as well as cloud identity systems. Tomer was awarded Most Valuable Researcher (MVR) in 2023 by Microsoft Security Response Center (MSRC). ... read more