Created by Claudiu Tabac - © 2026
This material is open for educational and research use. Commercial use without explicit permission from the author is not allowed.
Identity Attack Graphs
Visualizing how attackers exploit identity ecosystems to achieve objectives
What This Module Represents
Identity Attack Graphs (IAG) reveal how adversaries navigate through identity ecosystems by exploiting misconfigurations, weak controls, and trust relationships. Unlike traditional network-based attack graphs, IAG models are identity-centric, mapping the progression from initial compromise to high-value targets.
These graphs model privilege escalation paths, token replay sequences, machine identity abuse, SaaS and cloud pivoting, cross-cloud privilege chains, and hidden identity trust relationships. They provide security teams with actionable visibility into how identity weaknesses combine into exploitable attack paths.
Key Capabilities
  • Privilege escalation modeling
  • Token replay visualization
  • Machine identity tracking
  • Cloud pivoting analysis
  • Trust relationship mapping
Attack Graph Components
Entry Points
Initial access vectors and reconnaissance paths that attackers use to establish a foothold in identity systems, for example a phished user, a leaked credential, or an exposed service principal secret.
Attack Chains
Stage-by-stage progression showing how misconfigurations enable lateral movement and privilege escalation.
Objectives
Attacker goals such as data exfiltration, persistent access, and acquisition of administrative privileges; each graph terminates at one or more of these.
Control Gaps
Weak controls and misconfigurations that enable each progression step in the attack sequence.
Included Attack Graphs
1. Initial Access → Identity Escalation Path
Demonstrates how attackers progress from reconnaissance activities through phishing or credential compromise to privilege escalation via identity weaknesses. Maps the critical transition points where basic access transforms into elevated privileges.
2. Machine Identity Chain → Long-Term Persistence
Illustrates how compromised service principals, workload identities, and authentication tokens create persistent backdoors. Shows the lifecycle of machine identity abuse from initial compromise to sustained organizational access.
3. Cross-Cloud Lateral Movement & Exfiltration Path
Visualizes sophisticated cloud-to-cloud identity pivoting techniques, privilege escalation across SaaS platforms, and multi-cloud access paths. Maps how attackers leverage federated identity and trust relationships to move between cloud environments.
Use Cases & Applications
Strategic Planning
  • CISO strategy discussions and executive reporting
  • IAM architecture redesign initiatives
  • Cross-cloud identity mapping projects
  • Governance framework development
Operational Security
  • Purple-team exercise planning
  • Control gap analysis activities
  • Audit and compliance workflows
  • Threat modeling sessions

Identity Attack Graphs bridge the critical gap between technical attack paths and governance-level identity strategy. They translate complex identity security concepts into visual narratives that resonate with both technical teams and executive leadership, enabling data-driven decisions about identity security investments and control prioritization.
Why Identity-Centric Graphs Matter
Visibility Beyond Networks
Traditional network-based attack graphs miss identity-layer exploitation. Identity Attack Graphs show how authentication, authorization, and trust relationships themselves become attack vectors, even where no network boundary is crossed.
Understanding Combined Weaknesses
Individual misconfigurations may seem minor, but IAG shows how they chain together into critical attack paths that bypass security controls.
Actionable Remediation
Visualizing complete attack chains helps prioritize which identity controls to strengthen first, focusing resources on breaking the most critical attack paths.
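The components described above (entry points, attack chains, objectives, control gaps) and the prioritization idea in this paragraph can be made concrete with a small model. The following is an added example, not code from the Identity Attack Graphs framework or its author: it represents an identity ecosystem as a directed graph whose edges are abuse relationships, each annotated with the control gap that enables it, enumerates every simple attack path from an entry point to an objective, ranks gaps by how many paths they sit on, and then greedily picks the smallest set of fixes that breaks all paths. The tenant, node names, and control gaps are constructed for illustration.

```python
"""Toy identity attack graph (added example, not from the original page).

Nodes are identities and resources, edges are abuse relationships, and each
edge carries the control gap that enables it. The sample tenant is hypothetical.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Edge:
    src: str        # node the attacker already controls
    dst: str        # node gained by abusing the relationship
    technique: str  # what the attacker does on this step
    gap: str        # the weak control that makes the step possible


# Constructed sample tenant; every name and gap below is hypothetical.
SAMPLE_EDGES: List[Edge] = [
    Edge("user:alice", "group:helpdesk", "member of", "helpdesk group granted to all staff"),
    Edge("group:helpdesk", "user:bob", "resets password", "helpdesk reset scope includes privileged accounts"),
    Edge("user:bob", "role:app-admin", "holds standing role", "standing (non-JIT) privileged role assignment"),
    Edge("role:app-admin", "sp:ci-deploy", "adds client secret", "no change control on app credentials"),
    Edge("user:alice", "sp:ci-deploy", "owns app registration", "non-admin user owns a privileged app registration"),
    Edge("sp:ci-deploy", "role:sub-owner", "holds role", "workload identity holds Owner on production subscription"),
    Edge("user:bob", "role:sub-owner", "activates eligible role", "eligible role activation without MFA or approval"),
    Edge("role:sub-owner", "objective:prod-data", "reads storage", "any subscription Owner can read production data"),
    Edge("sp:ci-deploy", "objective:prod-data", "uses pipeline key", "pipeline holds a standing data-plane key"),
]


def build_graph(edges: List[Edge]) -> Dict[str, List[Edge]]:
    """Adjacency list keyed by source node."""
    graph: Dict[str, List[Edge]] = defaultdict(list)
    for e in edges:
        graph[e.src].append(e)
    return graph


def enumerate_paths(graph: Dict[str, List[Edge]], entry: str, objective: str,
                    max_depth: int = 10) -> List[List[Edge]]:
    """All simple paths (no repeated node) from entry to objective, via DFS."""
    paths: List[List[Edge]] = []

    def dfs(node: str, visited: set, trail: List[Edge]) -> None:
        if node == objective:
            paths.append(list(trail))
            return
        if len(trail) >= max_depth:
            return
        for e in graph.get(node, []):
            if e.dst in visited:
                continue
            visited.add(e.dst)
            trail.append(e)
            dfs(e.dst, visited, trail)
            trail.pop()
            visited.discard(e.dst)

    dfs(entry, {entry}, [])
    return paths


def rank_control_gaps(paths: List[List[Edge]]) -> List[Tuple[str, int]]:
    """Gaps sorted by the number of distinct paths they enable (desc), then name."""
    counts: Dict[str, int] = defaultdict(int)
    for path in paths:
        for gap in {e.gap for e in path}:  # count a gap once per path
            counts[gap] += 1
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


def greedy_break_all(paths: List[List[Edge]]) -> List[str]:
    """Greedy set cover: fix the gap on the most surviving paths, repeat until
    no path survives. Returns the gaps in the order they should be closed."""
    remaining = list(paths)
    fixes: List[str] = []
    while remaining:
        gap, _ = rank_control_gaps(remaining)[0]
        fixes.append(gap)
        remaining = [p for p in remaining if all(e.gap != gap for e in p)]
    return fixes


def render(path: List[Edge]) -> str:
    """One attack chain as a single text line."""
    return " -> ".join(f"{e.src} [{e.technique}]" for e in path) + f" -> {path[-1].dst}"


if __name__ == "__main__":
    g = build_graph(SAMPLE_EDGES)
    found = enumerate_paths(g, "user:alice", "objective:prod-data")
    print(f"{len(found)} attack paths from user:alice to objective:prod-data")
    for p in sorted(found, key=len):
        print("  " + render(p))
    print("\ncontrol gaps by number of paths enabled:")
    for gap, n in rank_control_gaps(found):
        print(f"  {n}  {gap}")
    print("\ngreedy fix order:", greedy_break_all(found))
```

On the constructed tenant, alice reaches production data over five distinct paths. Three gaps each enable three of them, yet the greedy cover shows that closing only two (the Owner-reads-everything authorization and the standing pipeline key) severs all five, while fixing the most visible entry-point misconfiguration alone would leave two paths open. That is the prioritization the paragraph describes: rank controls by the attack paths they break, not by how alarming the individual misconfiguration looks.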
Get Started with Identity Attack Graphs
Identity Attack Graphs provide the visual foundation for modern identity security programs. Whether you're conducting threat modeling, planning purple-team exercises, or presenting to executive leadership, these graphs transform complex identity attack scenarios into clear, actionable intelligence.
Each graph is designed for immediate use in security planning, compliance initiatives, and architecture decisions. Start with AG-001 to understand basic escalation patterns, then explore machine identity persistence and cross-cloud pivoting scenarios.