Evading Microsoft Defender for Identity :
Red Team Tradecraft for Active Directory Attacks
04 July 2026 | 10:00 AM ET | 2+ Hours Duration
Overview
Microsoft Defender for Identity (MDI) is a service that protects on-premises AD, hybrid and cloud identities. It works by analysing "signals" from AD, IAM solutions and Entra ID on monitored server roles to look for abnormal behaviour and anomaly. In addition, it sends signals to the Defender Portal for correlation with other services and security controls.
Microsoft positions MDI as a core component of Identity Security, capable of detecting attacks across various categories.
This talk focuses on evading MDI using precision tradecraft. We will discuss some of the most impactful attacks and how MDI can be evaded with ease. We will execute attacks in a live environment that has MDI sensors are already enriched through the learning period.
.png)
Register
Unlock exclusive offers, webinars & giveaways
Attend Live Webinar
04 July 2026 | 10:00 AM ET | 2+ Hours Duration
Practice Attacks
Explore challenges and labs focused on Red Teaming on the Red Labs Platform
Get Webinar Participation Certificate
MEET THE INSTRUCTOR
Nikhil Mittal
Nikhil Mittal is a hacker, infosec researcher, speaker and enthusiast. His area of interest includes red teaming, Azure and active directory security, attack research, defense strategies and post exploitation research. He has 15+ years of experience in red teaming. He specializes in assessing security risks at secure environments that require novel attack vectors and "out of the box" approach. He has worked extensively on Azure Red Team, Active Directory attacks, defense and bypassing detection mechanisms.
Nikhil has trained more than 15000 security professionals in private trainings and at the world’s top information security conferences. He has spoken/trained at conferences like DEF CON, BlackHat, BruCON and more.