Sami Lamppu and Thomas Naunheim, the creators of the Entra ID Attack and Defense Playbook, join me to discuss their incredible 5-year community project.

We talk about the most complex attacks they’ve researched, including the “black box” token and PRT attacks, and their shocking findings related to TPM and device compliance. We also dive deep into their brand-new chapter on the new Microsoft Entra Connect Application Based Authentication model and the critical steps you must take to secure it.

Subscribe with your favorite podcast player or watch on YouTube 👇

About Sami & Thomas

Sami Lamppu is a Microsoft Security MVP and a Principal Cloud Security Lead at Elisa with a strong focus on the blue team side, helping organizations proactively prevent attacks.

Thomas Naunheim is a Cybersecurity Architect at glueckkanja and a Microsoft Security MVP. He specializes in Microsoft Entra, identity and access management, and cloud security posture.

* Sami LinkedIn - https://www.linkedin.com/in/sami-lamppu/

* Thomas LinkedIn - https://www.linkedin.com/in/thomasnaunheim/

🔗 Related Links

* Entra ID Attack and Defense Playbook - https://github.com/Cloud-Architekt/AzureAD-Attack-Defense

📗 Chapters

02:35 Origin Story of the Playbook

07:08 Overview of the Attack Chapters

09:53 Who is the Playbook For?

13:59 The Hardest Chapter to Write: Tokens

21:48 Shocking PRT & TPM Findings

24:43 NEW Chapter: Hacking Entra Connect (ABA)

29:10 How to Secure the New Sync Account

36:53 HSCAR: The Posture Analyzer Tool

45:09 Keeping the Playbook Updated & Community

53:12 What’s Next & Final Advice

Podcast Apps

🎙️ Entra.Chat - https://entra.chat

🎧 Apple Podcast → https://entra.chat/apple

📺 YouTube → https://entra.chat/youtube

📺 Spotify → https://entra.chat/spotify

🎧 Overcast → https://entra.chat/overcast

🎧 Pocketcast → https://entra.chat/pocketcast

🎧 Others → https://entra.chat/rss

Merill’s socials

📺 YouTube → youtube.com/@merillx

👔 LinkedIn → linkedin.com/in/merill

🐤 Twitter → twitter.com/merill

🕺 TikTok → tiktok.com/@merillf

🦋 Bluesky → bsky.app/profile/merill.net

🐘 Mastodon → infosec.exchange/@merill

🧵 Threads → threads.net/@merillf

🤖 GitHub → github.com/merill

Get full access to Entra.News - Your weekly dose of Microsoft Entra at entra.news/subscribe