Coursera Flash Sale
40% Off Coursera Plus for 3 Months!
Grab it
Explore advanced lateral movement techniques that enable threat actors to compromise Entra ID environments from on-premises Active Directory in this 39-minute Black Hat USA 2025 conference talk. Delve deep into Entra ID and hybrid AD trust internals to understand the evolving security boundary between Active Directory and Entra ID in hybrid environments. Learn about several newly discovered lateral movement techniques that can bypass authentication and multi-factor authentication while enabling stealthy data exfiltration, even in hardened environments where classical techniques fail. Discover how these techniques, which are design features rather than vulnerabilities, operate through undocumented authentication flows and leave minimal forensic traces. Examine the recent hardening efforts by Microsoft to address some of these attack vectors and understand why the security boundary between on-premises and cloud environments remains somewhat unclear. Gain insights into tenant compromise scenarios originating from on-premises AD infrastructure and explore the undocumented aspects of Entra ID authentication mechanisms that make these attacks possible.
