Reversec UK Ltd - Security Research Internship

Role: Security Research Intern
Duration: Summer 2025
Focus: Microsoft Entra Connect exploitation research

Internship Overview

Summer 2025 security research internship at Reversec UK Ltd, specialising in Microsoft Entra Connect (formerly Azure AD Connect) security analysis and exploitation technique development.

Primary Research Focus

Entra Connect Synchronisation Security

Conducted in-depth research into the security implications of Microsoft's hybrid identity synchronisation platform:

  • Analysed attack surface of Entra Connect infrastructure
  • Developed exploitation techniques for credential extraction
  • Documented comprehensive attack methodologies
  • Created modern tooling to replace deprecated capabilities

Key Research Outcomes

MSOL Credential Extraction:

  • Successfully extracted Microsoft Online (MSOL) service account credentials from Entra Connect servers
  • Demonstrated privilege escalation paths from on-premises to cloud environments
  • Documented systematic extraction methodology for security testing

DCSync Attack Execution:

  • Performed DCSync attacks to obtain domain credentials
  • Demonstrated lateral movement opportunities in hybrid identity environments
  • Mapped attack chains from initial access to full domain compromise

Modern Tooling Development:

  • Created Graph API-based scripts replacing deprecated AADInternals functionality
  • Developed reliable, maintainable exploitation tools
  • Produced comprehensive technical documentation for security testing

Collaborative Research

Team Research with Max

Worked alongside research partner Max to:

  • Develop and validate attack techniques systematically
  • Create comprehensive attack path documentation
  • Build practical testing frameworks
  • Produce actionable security assessment guidance

Knowledge Sharing

  • Documented findings for internal knowledge base
  • Created step-by-step guides for reproduction
  • Contributed to Reversec's technical capability development
  • Supported ongoing research initiatives

Technical Environment

Technologies

  • Microsoft Entra Connect / Azure AD Connect
  • Active Directory Domain Services
  • Microsoft Graph API
  • Azure Active Directory / Entra ID
  • PowerShell scripting and automation
  • Windows Server infrastructure

Attack Techniques

  • Credential dumping and extraction
  • DCSync operations
  • Privilege escalation
  • Lateral movement
  • Cloud tenant compromise
  • Identity infrastructure exploitation

Skills Development

Security Research

  • Advanced exploitation technique development
  • Security tool creation and scripting
  • Systematic vulnerability analysis
  • Technical documentation and methodology creation

Cloud & Identity Security

  • Hybrid identity architecture understanding
  • Azure/Entra ID security mechanisms
  • Active Directory attack paths
  • Cloud tenant security implications

Professional Practices

  • Collaborative security research
  • Version control and documentation
  • Ethical research conduct
  • Professional communication of findings

Research Impact

This internship contributed to:

Practical Security Testing

  • Modern alternatives to deprecated tooling
  • Reliable exploitation techniques for security assessments
  • Comprehensive attack documentation for penetration testing

Defensive Understanding

  • Improved understanding of identity infrastructure risks
  • Detection and prevention strategy development
  • Security hardening recommendations
  • Incident response preparation

Industry Knowledge

  • Contribution to hybrid identity security understanding
  • Practical guidance for security practitioners
  • Real-world attack path documentation
  • Education on emerging threats

Key Learnings

Technical Insights

  • Deep understanding of Entra Connect architecture and security
  • Practical Graph API exploitation techniques
  • Hybrid identity attack methodology
  • Systematic approach to security research

Professional Growth

  • Collaborative research skills
  • Technical writing and documentation
  • Time management in research projects
  • Stakeholder communication

Research Process

  • Structured approach to security research
  • Tool development lifecycle
  • Validation and testing methodologies
  • Responsible disclosure considerations

Research Context

All research was conducted:

  • In controlled, authorised environments
  • For legitimate security research purposes
  • With appropriate ethical considerations
  • To improve defensive security capabilities

Findings have been sanitised for appropriate public presentation while maintaining educational value.

Career Relevance

This internship directly supports career goals in:

  • Offensive security and penetration testing
  • Identity and access management security
  • Security research and tool development
  • Cloud and hybrid infrastructure security
  • Advanced threat analysis

The experience builds upon previous work at Rootshell Security and complements academic research, creating a comprehensive security research portfolio.