Attack path mapping and management knowledge is perceived to be kept within elite red team circles. Much of the available tooling used is not always easily understood and can be aggressively flagged as malicious by enterprise EDR. Yet, in a world in which cybersecurity attacks hinge on identity, it’s more critical than ever that defenders are empowered to proactively identify and address attack paths in their organization. In this session, we’ll look at the principles of attack paths and attack path management, as well as how to apply them in real-world scenarios of gathering and analyzing attack paths in Active Directory and Entra ID – paths that could lead to privileged identity escalation and compromise. We’ll also talk about the process organizations should take to remediate the identified paths, helping reduce their identity attack surface. Driven by live demonstrations, this session will give participants the confidence to perform attack path management in their environments. While focused on Active Directory and Entra ID, much of the theory and principles discussed can translate to any identity system.