Ever more companies are getting acquainted with the cloud, and Entra ID (previously Azure AD) is gaining traction as an alternative to hosting on-premises Active Directory environments. In many cases, companies are not ready to make a definitive jump from on-premises to the cloud, so they opt-in for a hybrid setup, in which both the on-premises Active Directory and the cloud-based Entra ID are intertwined.

As red teamers and penetration testers, it is our duty to keep up with the ever-evolving market of technologies, but unfortunately, techniques and procedures for compromising an Entra ID environment (in a hybrid setup) are scarce and often poorly documented.

In this talk, I will shed light on how the on-premises Active Directory environment in a hybrid setup can often lead to a compromise of the Entra ID cloud environment.

I will demonstrate various Entra ID misconfigurations and attacks that I have personally seen and used in real engagements.