CRASH COURSE: Hybrid Identity Security & Recovery
Watch Recording Now!
Recorded on Wednesday, January 28, 2026
Format: Live 60-Minute Webinar + Crash Course
Hybrid identity is one of the most abused attack surfaces in modern environments. Attackers exploit Active Directory misconfigurations, Entra ID privileges, and the hybrid sync layer to escalate access, establish persistence, and remove recovery options before defenders can respond.
This crash course breaks down how real-world hybrid identity attacks work and why traditional detection and backup strategies consistently fail. You will gain practical insight into where identity environments are most exposed and how resilient organizations respond when identity is compromised.
What You Will Learn
- How attackers abuse common Active Directory and Entra ID misconfigurations to gain persistent access
- Where hybrid identity components such as Entra Connect and federation are most vulnerable
- How techniques like DCSync, Shadow Admins, and privilege abuse bypass monitoring and MFA
- Why prevention and detection alone are not enough during identity incidents
- How to roll back malicious identity changes and recover Active Directory and Entra ID quickly
Who This Is For
- Active Directory and Entra ID administrators
- Identity and access management professionals
- Security engineers and incident responders
- Infrastructure and hybrid cloud administrators
- IT and security leaders responsible for identity resilience and recovery
Your Presenter:
Craig Birch
Technical Evangelist & Principal Security Engineer
Cayosoft
Craig brings over 24 years of hands-on experience in Active Directory architecture, operations, and security. Craig’s extensive expertise spans Active Directory, AD migrations, identity management, Entra ID, and M365 technologies, with a strong emphasis on securing these environments.
