Skill UI

Focuses on advanced threat detection within Azure AD/Entra ID. This skill guides users on correlating Graph API audit logs, sign-in anomalies, and KQL queries in Microsoft Sentinel to identify sophisticated lateral movement techniques, such as privilege escalation, OAuth abuse, and cross-tenant pivoting. Essential for SOC threat hunting.

BloodHound is an open-source reconnaissance tool that leverages graph theory to analyze Active Directory relationships. This guide details the process of collecting AD data using SharpHound and visualizing complex attack paths. It helps identify potential privilege escalation chains, trust abuses, and misconfigurations necessary for an attacker to move from a low-privilege user account to Domain Admin, making it essential for advanced red-teaming and security auditing.