
Entra ID: A Beautiful, Complex Security Mess #shorts

BSides Frankfurt | 0:51 | 313 views | Published 2026-01
About this talk
Entra ID environments are a goldmine for attackers. Over-permissioned apps, stale groups, mismanaged service principals, and misconfigurations lead to tenant compromise in just a few steps. #bsidesfrankfurt #bsides #bsidesfra #TomerNahum #JonathanElkabas #Semperis

Now that we know why security, uh, identity security is important, we're going to talk about what is going on in Entra. Um, it's a mess, but it's a beautiful, complex mess. So, modern Entra environments are just a gold mine for attackers. There are so many privilege escalation paths that it's crazy. You have over-permissioned applications, stale group memberships, mismanaged service principals, and just general misconfigurations that happen in an Entra environment on a regular basis. All of which can lead to a total tenant compromise with just a few steps. And we put a lot of emphasis on that in entra go because you will see it just takes a few steps to go from a local user into a total tenant compromise.