Sign up to save your podcasts
Or
Share Hacking Entra ID: Inside the Attack & Defense Playbook with its Creators
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Hacking Entra ID: Inside the Attack & Defense Playbook with its Creators
Sami Lamppu and Thomas Naunheim, the creators of the Entra ID Attack and Defense Playbook, join me to discuss their incredible 5-year community project.
We talk about the most complex attacks they’ve researched, including the “black box” token and PRT attacks, and their shocking findings related to TPM and device compliance. We also dive deep into their brand-new chapter on the new Microsoft Entra Connect Application Based Authentication model and the critical steps you must take to secure it.
Subscribe with your favorite podcast player or watch on YouTube 👇
About Sami & Thomas
Sami Lamppu is a Microsoft Security MVP and a Principal Cloud Security Lead at Elisa with a strong focus on the blue team side, helping organizations proactively prevent attacks.
Thomas Naunheim is a Cybersecurity Architect at glueckkanja and a Microsoft Security MVP. He specializes in Microsoft Entra, identity and access management, and cloud security posture.
* Sami LinkedIn - https://www.linkedin.com/in/sami-lamppu/
* Thomas LinkedIn - https://www.linkedin.com/in/thomasnaunheim/
🔗 Related Links
* Entra ID Attack and Defense Playbook - https://github.com/Cloud-Architekt/AzureAD-Attack-Defense
📗 Chapters
02:35 Origin Story of the Playbook
07:08 Overview of the Attack Chapters
09:53 Who is the Playbook For?
13:59 The Hardest Chapter to Write: Tokens
21:48 Shocking PRT & TPM Findings
24:43 NEW Chapter: Hacking Entra Connect (ABA)
29:10 How to Secure the New Sync Account
36:53 HSCAR: The Posture Analyzer Tool
45:09 Keeping the Playbook Updated & Community
53:12 What’s Next & Final Advice
Podcast Apps
🎙️ Entra.Chat - https://entra.chat
🎧 Apple Podcast → https://entra.chat/apple
📺 YouTube → https://entra.chat/youtube
📺 Spotify → https://entra.chat/spotify
🎧 Overcast → https://entra.chat/overcast
🎧 Pocketcast → https://entra.chat/pocketcast
🎧 Others → https://entra.chat/rss
Merill’s socials
📺 YouTube → youtube.com/@merillx
👔 LinkedIn → linkedin.com/in/merill
🐤 Twitter → twitter.com/merill
🕺 TikTok → tiktok.com/@merillf
🦋 Bluesky → bsky.app/profile/merill.net
🐘 Mastodon → infosec.exchange/@merill
🧵 Threads → threads.net/@merillf
🤖 GitHub → github.com/merill
Get full access to Entra.News - Your weekly dose of Microsoft Entra at entra.news/subscribe
View all episodes
By Merill Fernando
5
55 ratings
Sami Lamppu and Thomas Naunheim, the creators of the Entra ID Attack and Defense Playbook, join me to discuss their incredible 5-year community project.
We talk about the most complex attacks they’ve researched, including the “black box” token and PRT attacks, and their shocking findings related to TPM and device compliance. We also dive deep into their brand-new chapter on the new Microsoft Entra Connect Application Based Authentication model and the critical steps you must take to secure it.
Subscribe with your favorite podcast player or watch on YouTube 👇
About Sami & Thomas
Sami Lamppu is a Microsoft Security MVP and a Principal Cloud Security Lead at Elisa with a strong focus on the blue team side, helping organizations proactively prevent attacks.
Thomas Naunheim is a Cybersecurity Architect at glueckkanja and a Microsoft Security MVP. He specializes in Microsoft Entra, identity and access management, and cloud security posture.
* Sami LinkedIn - https://www.linkedin.com/in/sami-lamppu/
* Thomas LinkedIn - https://www.linkedin.com/in/thomasnaunheim/
🔗 Related Links
* Entra ID Attack and Defense Playbook - https://github.com/Cloud-Architekt/AzureAD-Attack-Defense
📗 Chapters
02:35 Origin Story of the Playbook
07:08 Overview of the Attack Chapters
09:53 Who is the Playbook For?
13:59 The Hardest Chapter to Write: Tokens
21:48 Shocking PRT & TPM Findings
24:43 NEW Chapter: Hacking Entra Connect (ABA)
29:10 How to Secure the New Sync Account
36:53 HSCAR: The Posture Analyzer Tool
45:09 Keeping the Playbook Updated & Community
53:12 What’s Next & Final Advice
Podcast Apps
🎙️ Entra.Chat - https://entra.chat
🎧 Apple Podcast → https://entra.chat/apple
📺 YouTube → https://entra.chat/youtube
📺 Spotify → https://entra.chat/spotify
🎧 Overcast → https://entra.chat/overcast
🎧 Pocketcast → https://entra.chat/pocketcast
🎧 Others → https://entra.chat/rss
Merill’s socials
📺 YouTube → youtube.com/@merillx
👔 LinkedIn → linkedin.com/in/merill
🐤 Twitter → twitter.com/merill
🕺 TikTok → tiktok.com/@merillf
🦋 Bluesky → bsky.app/profile/merill.net
🐘 Mastodon → infosec.exchange/@merill
🧵 Threads → threads.net/@merillf
🤖 GitHub → github.com/merill
Get full access to Entra.News - Your weekly dose of Microsoft Entra at entra.news/subscribe
More shows like Entra.Chat
View all
StarTalk Radio
14,347 Listeners
The Infinite Monkey Cage
1,951 Listeners
WSJ Tech News Briefing
1,649 Listeners
Risky Business
372 Listeners
Down the Security Rabbithole Podcast (DtSR)
99 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
652 Listeners
Click Here
418 Listeners
Microsoft Cloud IT Pro Podcast
66 Listeners
Darknet Diaries
8,078 Listeners
Hacking Humans
315 Listeners
Three Buddy Problem
61 Listeners
Hybrid Identity Protection Podcast
3 Listeners
CISO Tradecraft®
48 Listeners
Risky Bulletin
45 Listeners
Critical Thinking - Bug Bounty Podcast
55 Listeners