Sami Lamppu and Thomas Naunheim, the creators of the Entra ID Attack and Defense Playbook, join me to discuss their incredible 5-year community project.
We talk about the most complex attacks they’ve researched, including the “black box” token and PRT attacks, and their shocking findings related to TPM and device compliance. We also dive deep into their brand-new chapter on the new Microsoft Entra Connect Application Based Authentication model and the critical steps you must take to secure it.
About Sami & Thomas
Sami Lamppu is a Microsoft Security MVP and a Principal Cloud Security Lead at Elisa with a strong focus on the blue team side, helping organizations proactively prevent attacks.
Thomas Naunheim is a Cybersecurity Architect at glueckkanja and a Microsoft Security MVP. He specializes in Microsoft Entra, identity and access management, and cloud security posture.
Sami LinkedIn - https://www.linkedin.com/in/sami-lamppu/
Thomas LinkedIn - https://www.linkedin.com/in/thomasnaunheim/
🔗 Related Links
Entra ID Attack and Defense Playbook - https://github.com/Cloud-Architekt/AzureAD-Attack-Defense
📗 Chapters
02:35 Origin Story of the Playbook
07:08 Overview of the Attack Chapters
09:53 Who is the Playbook For?
13:59 The Hardest Chapter to Write: Tokens
21:48 Shocking PRT & TPM Findings
24:43 NEW Chapter: Hacking Entra Connect (ABA)
29:10 How to Secure the New Sync Account
36:53 HSCAR: The Posture Analyzer Tool
45:09 Keeping the Playbook Updated & Community
53:12 What’s Next & Final Advice
Podcast Apps
🎙️ Entra.Chat - https://entra.chat
🎧 Apple Podcast → https://entra.chat/apple
📺 YouTube → https://entra.chat/youtube
📺 Spotify → https://entra.chat/spotify
🎧 Overcast → https://entra.chat/overcast
🎧 Pocketcast → https://entra.chat/pocketcast
🎧 Others → https://entra.chat/rss