Entra Goat: Simulating Real-World Entra ID Attacks #shorts

Today we're going to talk about Entrago. Entreote is a deliberately vulnerable entry ID environment designed to simulate real world attack scenarios in your own entry tenant. And that leads us to why we didn't develop um Entraote. Um Jonathan told me today, well, he didn't tell me today reminded me again today that he when he started doing security and he actually started with doing CDFs because it's not only teaching you theoretical stuff. It also helps you try stuff yourself. Again, hands-on experience with breaking stuff. And enter ID was missing its own goats project. And like we said, there's AWS goat, Azure goat, CI/CD goat, and we wanted to create one for Ant ID because we love ENT ID. Um, and the last thing,

we wanted to make Entra ID more accessible for everyone. We know many people these days have interest in identity security in particular in Enra ID because it's very much connected to Azure. You cannot have um an Azure subscription without an entry ID tenant connected to it. So we wanted to create something so everyone can try and break entra >> and if you talk about Microsoft let's take uh an example uh straight for from their uh time when they got breached by uh AP29 midnight blizzard. Uh this happened I think in early 2024. So uh AP29 uh got access uh by password spraying um a legacy test account in their legacy test tenant. But again uh a

legacy test account got compromised then uh but somehow it got an ownership over a legacy of application and that application as a an identity inside Microsoft own cooperate tenant and the moment we read that report we knew that we wanted to include it in our uh in our entry go scenarios and we did exactly that. Let's replace that attack path exactly as it is without the initial access because there are many ways to get initial access to a given tenant and we did just like