The Good Tech Companies - Breach At The Beach: The Ultimate Entra ID Training Experience

Episode Date: July 7, 2026

This story was originally published on HackerNoon at: https://hackernoon.com/breach-at-the-beach-the-ultimate-entra-id-training-experience. Discover how Varonis Threat L...abs created Breach at the Beach, a unique Entra ID training experience. Enhance your cybersecurity skills through hands-on learning Check more stories related to undefined at: https://hackernoon.com/c/undefined. You can also check exclusive content about #entra-id-security-training, #entra-id-data-exfiltration, #microsoft-entra-id-ctf, #non-human-identity-security, #cybersecurity-cpe-credits, #identity-threat-detection, #ai-identity-attack-simulation, #good-company, and more. This story was written by: @varonis. Learn more about this writer by checking @varonis's about page, and for more stories, please visit hackernoon.com. Breach at the Beach is a free Capture the Flag (CTF) built by Varonis Threat Labs to teach defenders how modern attackers abuse Microsoft Entra ID. Based on real-world investigations, it covers non-human identities, AI-driven attack paths, identity-based data exfiltration, and threat detection through hands-on challenges. Players earn CPE credits while developing practical skills for defending today's cloud-first environments.

Transcript
Discussion (0)
Starting point is 00:00:00 This audio is presented by Hacker Noon, where anyone can learn anything about any technology. Breach at the Beach. The Ultimate Entra ID Training Experience by Veronis. Cybersecurity can feel a lot like the ocean, a sense of calm on the surface, but likely something unknown is lurking underwater. Veronis Threat Labs researchers Doran Kappa and Mark Vaetsman know this reality firsthand. Most of their days involve researching how threats exfiltrate sensitive data in cloud-native environments. And knowing that AI has evolved identity management and how threats attack organizations,
Starting point is 00:00:34 the duo wanted to create an intra-ID training experience that gave other security practitioners firsthand knowledge of what data exfiltration in intra-ID looks like on the front lines. Thus, breach at the beach was born. Pixel, Verona's thread detecting Kat, is on a beach vacation when she learns if a breach in entra ID and switches to investigate her mode. Players trace the threat actors' steps through pixel to uncover what sensitive data the attacker is after, hopefully stopping them before it is too late. Continue reading to learn more about the real cases that inspired breach at the beach, how I has evolved thread detection and amplified the need for hands-on education, and how you can earn CPE credits by completing breach at the beach. Why Entra ID? Entra ID isn't just an identity
Starting point is 00:01:18 provider, it's the control plane for the entire enterprise. It connects users, applications, permissions, automation, and in CREA singly AI-powered workflows. The rise of non-human identities, AI agents, service principles, automated workflows, has changed what a compromise in ENTERA ID can look like. Greater than in today's AI era, a lot of identities are non-human identities. F, there is a greater than compromise in ENTRA. A threat actor can pivot themselves into a non-human greater than identity, and it can quickly turn into a stealthy and scalable data greater than exfiltration attempt.
Starting point is 00:01:53 Mark Vaetsman, security research team leader at Veronis the techniques woven throughout breach at the beach aren't hypothetical. They reflect cases Doran and Mark have encountered firsthand in real customer environments, making each challenge a lesson grounded in what defenders are up against today. Non-human identities are rapidly outgrowing human identities, expanding the attack surface as a result. Threat actors can gain and scale access while creating major challenges for monitoring and detection, says Doran. Doran also points out that organizations are caught between the pressure to adopt AI quickly and security infrastructure that hasn't kept pace with AI, creating complexity that fundamentally changes the defensive approach. Sharing knowledge through the lens of a CTF, knowing that today's defenders needed awareness of modern attacks and intra-ID, Doran and Mark wanted to give defenders
Starting point is 00:02:43 a hands-on experience to show what modern attacks look like. With breach at the beach, they ensured it taught players the following, how threats abuse features, not misconfigurations. Players aren't hunting for something that's broken. They're learning to recognize when a legitimate functionality is being weaponized. How to detect threats without AI. Doran and Mark deliberately designed a CTF to avoid an LLM's ability to solve challenges, something researchers weren't thinking about a year or two ago. The elimination of AI assistance helps players absorb the lessons embedded in the experience rather than quickly learning them to compete. How to eliminate noise, working through raw intro logs is a reality for most defenders.
Starting point is 00:03:24 By creating a complex environment where the data keeps evolving, players are tested to create their own clarity. Beyond the specific lessons, Mark also knows firsthand how hands-on learning gives defenders real-world practice. Greater than you understand nothing if you are not hands on the keyboard, clicking around, greater than in seeing how it works. Reading is not enough. Mark Vaetsman, security research team lead Mark also shared how CTF experiences help players feel the impact, not just understanding it conceptually. You kind of feel that this is actually really your company with a CTF. If you don't understand the attack flow or the techniques inside, you lose more than just the challenge, says Mark. Built for all cybersecurity professionals, baking in new knowledge on
Starting point is 00:04:09 ENTRI-D and AI was a given for Mark and Doran, and SOA was ensuring that completing the experience was useful across all security roles, including red teamers, blue teamers, CSOs, threat intelligence roles, and more. There is no way you can be a good or perfect red teamer if you're not familiar with the blue team side, and you probably will not be able to be a good CISO if you're not familiar with the attacker side, says Mark. Doran also highlighted that when it comes to AI and auditing visibility gaps, this isn't something every security practitioner gets exposed to in their daily jobs, including that in the CTF helps identify any gap. they may be missing. Greater than not every security professional is exposed to audit logs from
Starting point is 00:04:50 systems like greater than dativerse, copilot, or to the underlying mechanics of how these AI systems greater than operate. This CTF gives them a chance to see how challenging it is to build a greater than defensive approach when working with AI agents. Doran Kappa, security researcher at Veronis. It also helps them understand what good identity hygiene looks like and how to implement least privilege in their own environments, adds Doran. Early in the development of Breach at the beach, the team took it to the Cloud Village at RSAC 2026. Feedback shared from players highlighted how it didn't feel like a task, but a creative
Starting point is 00:05:25 challenge that kept them entertained and inspired. We got feedback that the challenge was tough, but also very educational. Even season CTF staff at the booth told us they learned something new, says Doran. Play Breach at the beach today. Whether you're on a red team, a blue team, or needing to gain CPE credits, thesis your chance to learn by doing. Breach at the Beach is free and available to play online. H.TPS colon slash breach at the beach. Com completing each stage of the CTF awards players with one CPE credit and of the med badge. Once all four stages are complete, players receive a certificate of completion to share on LinkedIn.
Starting point is 00:06:04 If you intend to earn CPE credits, please use Sean active email address. Doran and Mark are also heading to Las Vegas for Black Hat USA and DefCon 34. where they will elaborate on how the CTF was built and helped players through the exercise in person. Find the details for those events below. Play at Black Hat USA 2026, August 3 to 6, 26. Located in the Veronis booth, hash 2948, online players and Black Hat attendees who complete the CTF by August 6 will be entered into a drawing for a $2,000 USD gift card to Marriott hotels. More details on Veronis at Black Hat. Play at Deaf Khan 34 in the Cloud Village August 6 to 9, 26. Las Vegas Convention Center. More details on the
Starting point is 00:06:52 Cloud Village. Attendees will have the chance to compete with others in the Cloud Village's capture the flag challenges, with top players being eligible for an array of prizes. Registration to play at DefCon will open prior to the event. What should I do now? Below are three ways you can continue your journey to reduce data risk at your company. One. Schedule a demo with us to see Veronis in action. We'll personalize the session to your org's data security needs and answer any questions. 2. See a sample of our data risk assessment and learn the risks that could be lingering in your environment. Veronis draw is completely free and offers a clear path to automated remediation. 3. Follow us on LinkedIn, YouTube, and X, Twitter for byte-sized insights on all things data
Starting point is 00:07:37 security, including DSPM, thread detection, AI security, and more. Thank you for listening to this Hackernoon story, read by artificial intelligence. Visit hackernoon.com to read, write, learn, and publish.

There aren't comments yet for this episode. Click on any sentence in the transcript to leave a comment.