Scenario library

GraphLattice Range library updates

New scenarios and threat coverage as they ship. Drafted from live threat intelligence, then published after expert review.

range, active directory, adcs

Scenario library update: AD CS escalation and Zerologon

New Active Directory escalation scenarios: the full AD CS certificate-abuse family plus Zerologon.

This update expands Active Directory coverage with high-impact escalation paths.

  • AD CS certificate abuse. The full ESC family of Active Directory Certificate Services misconfigurations, from vulnerable templates to NTLM relay against the certificate authority, each as a complete detection-to-recovery scenario.
  • Zerologon (CVE-2020-1472). The Netlogon flaw that turns network access to a domain controller into full domain compromise, including the krbtgt double-reset recovery decision.
  • Golden Certificate and CA recovery. Forging certificates from a stolen CA key, and how to detect and recover from it.

Every scenario runs the full incident-response loop and is scored on the identity and cloud graph model.

range, cloud, saas

Scenario library update: cloud and SaaS coverage

New scenarios across Microsoft 365, Okta, GitHub, AWS, Azure, GCP, and Snowflake.

Coverage now follows attacks past identity into the cloud and SaaS they pivot into.

  • SaaS and identity providers. Microsoft 365 Graph exfiltration, Okta administrator abuse, GitHub organization token compromise, and Google Workspace delegation abuse.
  • Cloud control planes. AWS IAM privilege escalation, Azure RBAC escalation, and GCP service-account impersonation.
  • Data platforms. Snowflake mass exfiltration with stolen credentials.

Each scenario is drafted from live threat intelligence and reviewed by a practitioner before it ships.

range, launch

GraphLattice Range early access

GraphLattice Range opens for early access, with a scenario library that spans identity and every major cloud.

GraphLattice Range is open for early access. Range is a hands-on incident-response simulation built for the attacks teams actually face.

  • Scenario coverage across Active Directory, Entra ID, Microsoft 365, Intune, AWS, Azure, GCP, Okta, and Snowflake.
  • Full IR loop in every scenario: detection, containment, eradication, forensics, recovery, plus CISO decision points.
  • Scored on the real model. Decisions are scored against the same identity and cloud graph model used to detect these attacks in production.
  • Content as code. This changelog is Markdown in git, drafted and reviewed before it goes live. Nothing publishes without human approval.

Request access for a guided session.