Threat Research

Windows Privilege Abuse: How Attackers Escalate from Accounts with Dangerous Rights to Active Directory Compromise

Windows Privilege Abuse: How Attackers Escalate from Accounts with Dangerous Rights to Active Directory Compromise

  • Andrea Pierini
  • Jul 06, 2026

Discover the most attractive Windows privileges from an attacker’s perspective: those that permit a direct privilege escalation.

Practice Checkpoint 1: Building Agent ID with MS Graph

Practice Checkpoint 1: Building Agent ID with MS Graph

  • Semion Vasilevitzky and Jonathan Elkabas
  • Jun 30, 2026

The fastest way to truly understand Microsoft Agent ID is to build an agent identity yourself, from scratch. Walk through this guided tour to build a real Agent ID object set in your Entra ID tenant.

Agent ID: Understanding Microsoft’s Agent Identity Platform

Agent ID: Understanding Microsoft’s Agent Identity Platform

  • Semion Vasilevitzky and Jonathan Elkabas
  • Jun 30, 2026

Microsoft’s Entra Agent ID and the agent identity platform are about to become a major theme in identity and security conversations. Learn how this platform enables you to discover, manage, monitor, and secure AI agent identities.

The Taxonomy of Workload Identities in Entra ID: Service Principals, Enterprise Applications, and Other Forms of Organized Confusion

The Taxonomy of Workload Identities in Entra ID: Service Principals, Enterprise Applications, and Other Forms of Organized Confusion

  • Semion Vasilevitzky and Jonathan Elkabas
  • Jun 26, 2026

The term workload identity describes multiple types of non-human identities in Entra ID. In this chapter of our guide to preventing agent identity attacks, dive into the distinctions between workload identity types and discover the newest type: ServiceIdentity.

Meet Entra ID Agent Identities (BTW: They’re Not People)

Meet Entra ID Agent Identities (BTW: They’re Not People)

  • Semion Vasilevitzky and Jonathan Elkabas
  • Jun 26, 2026

Non-human identities already far outnumber human identities. Learn how the Entra ID agent identities defined by Microsoft fit into the Authentication, Authorization, and Accounting model that governs our digital landscape.

Understanding and Preventing Entra ID Agent Identity Attacks: A Comprehensive Guide

Understanding and Preventing Entra ID Agent Identity Attacks: A Comprehensive Guide

  • Semion Vasilevitzky and Jonathan Elkabas
  • Jun 26, 2026

Developed by the Semperis research team, this multi-part guide helps organizations understand how Microsoft approaches human and non-human identities in Entra ID—and how to protect these critical assets from threat actors.

What You Need to Know: Windows Admin Center Remote Privilege Escalation (CVE-2026-26119)

What You Need to Know: Windows Admin Center Remote Privilege Escalation (CVE-2026-26119)

  • Andrea Pierini
  • Mar 23, 2026

Learn about the discovery of CVE-2026-26119: why it worked and why you shouldn't underestimate authentication reflection.

SyncJacking: Hard Matching Vulnerability Enables Entra ID Account Takeover

SyncJacking: Hard Matching Vulnerability Enables Entra ID Account Takeover

  • Tomer Nahum
  • Jan 13, 2026

Attackers with certain privileges can abuse Entra Connect hard matching synchronization to take over synchronized Entra ID accounts.