The Good Tech Companies - Breach At The Beach: The Ultimate Entra ID Training Experience
Episode Date: July 7, 2026This story was originally published on HackerNoon at: https://hackernoon.com/breach-at-the-beach-the-ultimate-entra-id-training-experience. Discover how Varonis Threat L...abs created Breach at the Beach, a unique Entra ID training experience. Enhance your cybersecurity skills through hands-on learning Check more stories related to undefined at: https://hackernoon.com/c/undefined. You can also check exclusive content about #entra-id-security-training, #entra-id-data-exfiltration, #microsoft-entra-id-ctf, #non-human-identity-security, #cybersecurity-cpe-credits, #identity-threat-detection, #ai-identity-attack-simulation, #good-company, and more. This story was written by: @varonis. Learn more about this writer by checking @varonis's about page, and for more stories, please visit hackernoon.com. Breach at the Beach is a free Capture the Flag (CTF) built by Varonis Threat Labs to teach defenders how modern attackers abuse Microsoft Entra ID. Based on real-world investigations, it covers non-human identities, AI-driven attack paths, identity-based data exfiltration, and threat detection through hands-on challenges. Players earn CPE credits while developing practical skills for defending today's cloud-first environments.
Transcript
Discussion (0)
This audio is presented by Hacker Noon, where anyone can learn anything about any technology.
Breach at the Beach.
The Ultimate Entra ID Training Experience by Veronis.
Cybersecurity can feel a lot like the ocean, a sense of calm on the surface, but likely
something unknown is lurking underwater.
Veronis Threat Labs researchers Doran Kappa and Mark Vaetsman know this reality firsthand.
Most of their days involve researching how threats exfiltrate sensitive data in cloud-native
environments. And knowing that AI has evolved identity management and how threats attack organizations,
the duo wanted to create an intra-ID training experience that gave other security practitioners
firsthand knowledge of what data exfiltration in intra-ID looks like on the front lines. Thus,
breach at the beach was born. Pixel, Verona's thread detecting Kat, is on a beach vacation when she
learns if a breach in entra ID and switches to investigate her mode. Players trace the threat actors'
steps through pixel to uncover what sensitive data the attacker is after, hopefully stopping them
before it is too late. Continue reading to learn more about the real cases that inspired breach at the beach,
how I has evolved thread detection and amplified the need for hands-on education, and how you can
earn CPE credits by completing breach at the beach. Why Entra ID? Entra ID isn't just an identity
provider, it's the control plane for the entire enterprise. It connects users, applications,
permissions, automation, and in CREA singly AI-powered workflows.
The rise of non-human identities, AI agents, service principles, automated workflows,
has changed what a compromise in ENTERA ID can look like.
Greater than in today's AI era, a lot of identities are non-human identities.
F, there is a greater than compromise in ENTRA.
A threat actor can pivot themselves into a non-human greater than identity,
and it can quickly turn into a stealthy and scalable data greater than exfiltration attempt.
Mark Vaetsman, security research team leader at Veronis the techniques woven throughout breach at the beach aren't hypothetical.
They reflect cases Doran and Mark have encountered firsthand in real customer environments, making each challenge a lesson grounded in what defenders are up against today.
Non-human identities are rapidly outgrowing human identities, expanding the attack surface as a result.
Threat actors can gain and scale access while creating major challenges for monitoring and detection, says Doran.
Doran also points out that organizations are caught between the pressure to adopt AI quickly
and security infrastructure that hasn't kept pace with AI, creating complexity that fundamentally
changes the defensive approach. Sharing knowledge through the lens of a CTF, knowing that today's
defenders needed awareness of modern attacks and intra-ID, Doran and Mark wanted to give defenders
a hands-on experience to show what modern attacks look like. With breach at the beach, they
ensured it taught players the following, how threats abuse features, not misconfigurations.
Players aren't hunting for something that's broken. They're learning to recognize when a legitimate
functionality is being weaponized. How to detect threats without AI. Doran and Mark deliberately
designed a CTF to avoid an LLM's ability to solve challenges, something researchers weren't
thinking about a year or two ago. The elimination of AI assistance helps players absorb the lessons
embedded in the experience rather than quickly learning them to compete.
How to eliminate noise, working through raw intro logs is a reality for most defenders.
By creating a complex environment where the data keeps evolving, players are tested to create
their own clarity. Beyond the specific lessons, Mark also knows firsthand how hands-on learning
gives defenders real-world practice. Greater than you understand nothing if you are not hands on
the keyboard, clicking around, greater than in seeing how it works. Reading is not enough.
Mark Vaetsman, security research team lead Mark also shared how CTF experiences help players feel the impact,
not just understanding it conceptually. You kind of feel that this is actually really your company
with a CTF. If you don't understand the attack flow or the techniques inside, you lose more than just
the challenge, says Mark. Built for all cybersecurity professionals, baking in new knowledge on
ENTRI-D and AI was a given for Mark and Doran, and SOA was ensuring that completing the experience was
useful across all security roles, including red teamers, blue teamers, CSOs, threat intelligence
roles, and more. There is no way you can be a good or perfect red teamer if you're not
familiar with the blue team side, and you probably will not be able to be a good CISO if you're
not familiar with the attacker side, says Mark. Doran also highlighted that when it comes to AI
and auditing visibility gaps, this isn't something every security practitioner gets exposed to
in their daily jobs, including that in the CTF helps identify any gap.
they may be missing. Greater than not every security professional is exposed to audit logs from
systems like greater than dativerse, copilot, or to the underlying mechanics of how these AI
systems greater than operate. This CTF gives them a chance to see how challenging it is to build
a greater than defensive approach when working with AI agents. Doran Kappa, security researcher at
Veronis. It also helps them understand what good identity hygiene looks like and how to implement
least privilege in their own environments, adds Doran.
Early in the development of Breach at the beach, the team took it to the Cloud Village at RSAC
2026.
Feedback shared from players highlighted how it didn't feel like a task, but a creative
challenge that kept them entertained and inspired.
We got feedback that the challenge was tough, but also very educational.
Even season CTF staff at the booth told us they learned something new, says Doran.
Play Breach at the beach today.
Whether you're on a red team, a blue team, or needing to gain CPE credits, thesis your chance
to learn by doing. Breach at the Beach is free and available to play online. H.TPS colon slash breach
at the beach. Com completing each stage of the CTF awards players with one CPE credit and of the med badge.
Once all four stages are complete, players receive a certificate of completion to share on LinkedIn.
If you intend to earn CPE credits, please use Sean active email address.
Doran and Mark are also heading to Las Vegas for Black Hat USA and DefCon 34.
where they will elaborate on how the CTF was built and helped players through the exercise in person.
Find the details for those events below. Play at Black Hat USA 2026, August 3 to 6, 26.
Located in the Veronis booth, hash 2948, online players and Black Hat attendees who complete the
CTF by August 6 will be entered into a drawing for a $2,000 USD gift card to Marriott hotels.
More details on Veronis at Black Hat. Play at Deaf
Khan 34 in the Cloud Village August 6 to 9, 26. Las Vegas Convention Center. More details on the
Cloud Village. Attendees will have the chance to compete with others in the Cloud Village's
capture the flag challenges, with top players being eligible for an array of prizes. Registration to
play at DefCon will open prior to the event. What should I do now? Below are three ways you can
continue your journey to reduce data risk at your company. One. Schedule a demo with us to see Veronis
in action. We'll personalize the session to your org's data security needs and answer any questions.
2. See a sample of our data risk assessment and learn the risks that could be lingering in your
environment. Veronis draw is completely free and offers a clear path to automated remediation.
3. Follow us on LinkedIn, YouTube, and X, Twitter for byte-sized insights on all things data
security, including DSPM, thread detection, AI security, and more. Thank you for listening to
this Hackernoon story, read by artificial intelligence. Visit hackernoon.com to read, write, learn, and publish.
