Concise definitions of the terms, techniques, and frameworks our research team works with.
13 terms
A policy framework in Microsoft Entra ID (and similar capabilities in other identity providers) that evaluates signals about a sign-in attempt and applies access controls accordingly.
An authentication mechanism requiring two or more independent verification factors — typically something you know, something you have, and something you are — to verify identity.
A long-lived authentication artefact issued by Azure AD / Entra ID to a registered device, used to obtain access tokens for Microsoft services without re-prompting for credentials or MFA.
An attack technique that abuses the Directory Replication Service (DRS) Remote Protocol to request password hashes for any account in Active Directory, simulating a domain controller.
An attack that requests Kerberos service tickets for accounts with Service Principal Names (SPNs) set, then cracks the encrypted portion offline to recover the service account's password.
A structured, ethical simulation of attacks against a defined target scope — typically networks, applications, APIs, or infrastructure — to identify exploitable vulnerabilities and demonstrate business impact.
An objective-driven adversary simulation that tests detection and response capabilities, not just controls. Distinguished from penetration testing by scope (campaign-level), objectives (crown jewels), and constraints (realistic adversary).