Purple Team

CRW03 Entra ID Security Testing with Open-Source Tools

11/20/2024

9:30am - 10:45am

Level: Intermediate to Advanced

Nestori Syynimaa

Senior Principal Security Researcher

Secureworks

In the current cloud era, the focus has moved from securing physical premises to securing identities. Microsoft's cloud-based Identity and Access Management system, Entra ID, is used by over 90 percent of private and public sector organizations globally. This makes Entra ID a tempting target for threat actors.

Keeping your identities secure requires securing your Entra ID. Threat actors have many attack vectors, both known and unknown, that they can exploit. These attack vectors are commonly known as Tactics, Techniques, and Procedures (TTPs). Most of the TTPs are implemented in open-source toolkits such as AADInternals. These toolkits allow administrators to test their Entra ID's security using the very same TTPs that threat actors use.

In this session, the creator of the AADInternals toolkit covers how to use it to test the security posture of Entra ID and Microsoft 365 environments.

You will learn:

  • Threat actors' Tactics, Techniques, and Procedures (TTPs)
  • How to leverage the MITRE ATT&CK® framework to plan TTP-based security testing
  • How to run TTP-based security testing using open-source tools