
By Serge-Olivier Paquette, Chief Product Officer
How six decades of architectural decisions created, and continue to shape, the primary attack surface of the modern enterprise.
In 1962, a Ph.D. candidate at MIT named Allan Scherr printed out the CTSS (Compatible Time-Sharing System) password file to steal extra computing time. 63 years later, a self-replicating npm worm called Shai-Hulud weaponized stolen authentication tokens to trojanize over 500 packages and harvest every identity artifact on developer machines. The technology is unrecognizable, but the operational logic is identical: steal credential material, escalate, move laterally, and persist.
This is the history of how identity became the primary attack surface of the enterprise, told through the architectural decisions, the breaches that exposed them, and the four-step kill chain that unifies every era.
Sign Up for the Identity Security Training
This article is based on Flare and Black Hills Information Security’s two-part practitioner training covering the identity kill chain from directories to AI agents, with hands-on defensive strategies for every era of identity security.
The Four-Step Identity Kill Chain
Before tracing the history, the framework: every major identity-driven breach follows the same four steps, regardless of the era’s technology.
Step 1: Gain Credential Material
Acquire an authentication artifact: a password, hash, ticket, token, session cookie, signing certificate, or API key.
Step 2: Expand Privileges
Use the initial foothold to reach higher-value credentials or permissions through techniques such as Kerberoasting, DCSync, OAuth consent abuse, or help desk social engineering.
Step 3: Move Laterally via Authentication Artifacts
Present stolen or forged artifacts to other systems. Pass-the-Hash, Pass-the-Ticket, forged SAML assertions, SSO session replay are all variations on the same operation: the artifact is the credential, and whoever holds it is authenticated.
Step 4: Persist in the Identity Plane
Embed access that survives password resets, token revocations, and incident response: Golden Tickets, rogue federation trusts, malicious OAuth app registrations, and new service principals.
The specific artifacts change with each era. The kill chain does not.
Era 0: The Prehistory, From Local Machines to Networked Identity (1961–1999)
The password was invented at MIT in 1961 for the Compatible Time-Sharing System and compromised the following year. This set the tone.
Unix (1969) introduced the UID/GID model: elegant, minimal, and built on a critical assumption that identity is local. A user exists on one machine. The /etc/passwd file mapped usernames to UIDs and originally stored hashed passwords in the same world-readable file.
The assumption broke immediately upon contact with networks. ARPANET’s growth in the late 1970s demanded cross-machine access, and BSD’s r-commands (rlogin, rsh, rexec) delivered it through implicit trust based on IP address: federation by network location. FTP and Telnet transmitted credentials in plaintext.
Kerberos emerged from MIT’s Project Athena in 1984 (v4) and 1988 (v5) to solve exactly this problem: a trusted third-party Key Distribution Center (KDC) issuing time-limited, cryptographically signed tickets. Passwords never traverse the network after initial authentication. Network single sign-on becomes practical for the first time. But Kerberos centralizes all trust in one place, the KDC, creating the architectural precondition for Golden Ticket attacks decades later.
Meanwhile, the X.500 directory standard (ISO/ITU, 1988) envisioned a global hierarchical directory of all network entities. X.500 was too heavy for production (it required the full OSI stack); LDAP (University of Michigan, 1993) made it practical by retaining X.500’s Distinguished Name structure and attribute-based model while running over commodity TCP/IP. The forests, trees, OUs, and schema of Active Directory are direct X.500 descendants.
It is important to note that all these tools were developed for convenience, as administrative solutions, with very few actual security considerations. The zero-trust architecture movement of the 2020s is the industry’s first concerted attempt to undo this lasting design pattern.
And Then There was the LM Hash…
LAN Manager (1987) introduced a password hashing scheme that uppercased passwords, split them into two seven-character halves, and DES-hashed each independently. The maximum effective search space was two independent seven-character uppercase-plus-digit passwords, crackable in minutes on 1990s hardware. NTLM (Windows NT LAN Manager), shipped with Windows NT 3.1 in 1993, improved the hash but retained a fundamental property: the hash is the credential. Authenticate with the hash; no password needed. NTLM relay attacks remain exploitable in production Active Directory environments in 2026. The LM hash, still haunting Windows-based networks, was not disabled by default until Windows Vista, twenty years later.
The Catalysts: Hackers Who Forced the Industry’s Hand
The 1994 Citibank hack was the first high-profile proof that credential theft was a viable attack vector against major institutions, before enterprise directories even existed. Vladimir Levin didn’t break Citibank’s systems through technical exploits. According to later accounts from the St. Petersburg hacker community, a group of hackers (operating under the handles “ArkanoiD” and “Bukazoid”) had spent months exploring Citibank’s internal network for fun and discovered that many systems were entirely unprotected. Levin reportedly bought the crucial access credentials from them for just $100. A hundred dollars for the keys to a bank. The economics of credential theft were established thirty years before initial access brokers and infostealer marketplaces formalized the same model at industrial scale.
Four years later, two events forced the political and corporate establishment to acknowledge what the research and hacker community already knew.
At DEF CON 6 in August 1998, the Cult of the Dead Cow released Back Orifice, a 124KB remote administration tool demonstrating that Windows 95/98 had no meaningful security model. Microsoft dismissed it as requiring deliberate user installation.
Months earlier, L0pht Heavy Industries (seven members testifying under hacker handles before the US Senate) demonstrated that their L0phtCrack tool could crack Windows NTLM hashes with terrifying efficiency. Mudge’s claim that L0pht could take down the internet in 30 minutes forced a reckoning. The hearing legitimized the security research community, catalyzed federal cybersecurity policy, laid the foundation for the CVE vulnerability disclosure economy, and, critically for identity security, forced Microsoft to accelerate work on NTLMv2 and adopt Kerberos as the default authentication protocol for the upcoming Active Directory in Windows 2000.
A through-line connects Citibank (1994), L0pht (1998), and every subsequent identity crisis: the distance between what institutions believe about their security posture and what is actually true is enormous. An established pattern was formed: researcher discovers fundamental flaw → vendor dismisses it → researcher goes public → flaw is weaponized → vendor forced to fix it, years and billions of dollars in damage later.
Era 1: Active Directory and the Age of Credential Artifacts (2000–2015)
Windows 2000 shipped with Active Directory (AD), and with it the convergence of all prior design debt into a single system: Kerberos v5 for authentication (with Microsoft’s unconstrained delegation extensions), LDAP/X.500 for directory access, the DCE/Novell NDS organizational model for forests and transitive trusts, and NTLM/LM retained for backward compatibility.
Before AD, every application maintained its own user database: separate credentials, separate access controls, and an offboarding process that amounted to hoping you remembered to disable every account (you didn’t). AD solved this by providing a single, centralized identity store. It was in effect a powerful IT administration tool, with very few security considerations. It thus created a single, catastrophically valuable target.
The Regulatory Catalyst
In parallel and completely unrelated, following revelations of massive, systemic accounting fraud committed by multiple layers of leadership at Enron, the Sarbanes-Oxley (SOX) Act of 2002 catalyzed the first significant wave of identity security spending. Section 404’s internal control requirements effectively mandated measures that would lead to the creation of the first Identity Access Management (IAM) programs at every public company overnight. Segregation of duties drove RBAC adoption. The audit trail imperative created Privileged Access Management as a distinct market category (CyberArk’s growth is substantially SOX-linked). Identity Governance and Administration emerged to run quarterly access reviews across thousands of entitlements. Board-level visibility for IAM, driven by personal criminal liability provisions, created the first real budget justification that hadn’t existed before. It is important to note that nowhere in the SOX Act is there any mention of technological implementation or of the notion of identity security, yet the solutions that were developed created this market for regulatory compliance and auditability, not for actual information security.
But the attack surface was already wide open.
Mimikatz: The Inflection Point
Mimikatz (2011) changed everything. Benjamin Delpy, a French IT manager, discovered that Windows stored encrypted passwords in LSASS memory alongside the decryption keys. He reported it to Microsoft. Microsoft’s response: not a real problem because the attacker already needs admin access. Delpy’s rebuttal was precise: in an enterprise domain, a single compromised machine is a stepping stone to every other machine. He published Mimikatz, French slang for “cute cats,” on GitHub. In the next couple of years, over twenty APT groups would adopt it. It remains the most consequential identity security tool ever released.
With credential material extractable from memory, the AD-era kill chain crystallized:
- Step 1: NTLM hashes, Kerberos tickets, cached domain secrets, infostealer logs, credential dumps from LSASS, SAM, and NTDS.dit.
- Step 2: Kerberoasting (request a service ticket for any SPN account, crack offline — no noise, no failed logins), DCSync (mimic a domain controller’s replication protocol to pull password hashes for any account including KRBTGT from a workstation), ACL abuse, group nesting exploitation.
- Step 3: Pass-the-Hash (NTLM hash = credential, usable against any NTLM service), Pass-the-Ticket (inject a stolen TGT or service ticket), Overpass-the-Hash (convert NTLM hash to Kerberos ticket).
- Step 4: Golden Ticket (compromise the KRBTGT hash to forge TGTs for any user at any privilege level — functionally god-mode until KRBTGT is rotated twice), new domain admin accounts, AdminSDHolder modification.
BloodHound: Making the Kill Chain Computable
BloodHound (DEF CON 24, 2016) made this kill chain visible! Robbins, Vazarkar, and Schroeder recognized that Active Directory is a graph: users, groups, computers, sessions, ACLs, and trusts form edges that shortest-path algorithms can traverse. SharpHound collects the graph as any authenticated domain user, no admin privileges needed. Neo4j ingests it. The query “shortest path from this user to Domain Admin” reveals multi-hop escalation chains invisible in any spreadsheet. The number of users with a path to Domain Admin is, in most environments, disturbingly large.
BloodHound is now a standard tool in any serious security practitioner’s quiver.
NotPetya: The $10 Billion Proof
On June 27, 2017, NotPetya demonstrated what identity plane compromise means at scale.
Entry: supply chain compromise of M.E.Doc, Ukrainian tax software. Propagation: EternalBlue and EternalRomance (leaked NSA SMB exploits) combined with Mimikatz pass-the-hash. The Sunday before the attack, a Domain Administrator had logged onto the M.E.Doc server for a routine inventory. That cached credential was the first thing Mimikatz extracted.
In seven minutes, Maersk lost 49,000 laptops, 3,500 of 6,200 servers, and every Active Directory domain controller. The company rebuilt from a single surviving offline DC in Ghana, which had stayed offline only because of an accidental power outage and which was flown to Copenhagen for recovery. Total global damage: over $10 billion (White House estimate). Maersk’s recovery alone cost $300 million.
The lesson: compromising the identity plane doesn’t just give you access, it gives you the ability to deny access to everyone else.
The Defensive Response
The AD era produced defenses that directly addressed kill chain steps:
- Credential Guard: LSASS secrets isolated in VBS containers, preventing Mimikatz from trivially reading them
- Protected Users group: no NTLM, no DES, no RC4, no credential caching, eliminating PtH
- LAPS: randomized local admin passwords per machine, destroying the “one hash to rule them all” problem
- Tiered administration: Tier 0 for DCs/KRBTGT, Tier 1 for servers, Tier 2 for workstations
- AES Kerberos encryption with group Managed Service Accounts for automatic rotation
- Attack path management via BloodHound CE and other Identity Security Posture Management solutions.
Era 2: Federation and the Token Explosion (2005–2020)
The kill chain crossed the perimeter.
As enterprises moved to the web with SaaS and partner portals in the mid-2000s, a new problem emerged: users needed authenticated access to applications that lived outside the corporate network, but nobody wanted to ship AD credentials over the internet. SAML (Security Assertion Markup Language) solved this through a trust delegation model. An Identity Provider (IdP) — typically Microsoft’s Active Directory Federation Services (ADFS), which bridged on-premises AD to the outside world — authenticates the user once and issues a signed XML assertion; think of it as a signed doctor’s note saying you can skip school. The external Service Provider (SP) trusts the assertion because it trusts the signing certificate (the doctor’s signature). School’s over: the user gets seamless cross-domain access, and the password never leaves the building. Elegant, powerful, and, as it turned out, fatally dependent on the secrecy of a single signing key.
SAML 2.0 and ADFS effectively let an organization’s IdP issue an assertion to external Service Providers. Credentials never leave the organization. But the signing keys and federation trust configurations become the new kill chain targets, and the consequences of their compromise are simply larger in magnitude than anything in the Kerberos era.
Golden SAML and SolarWinds
In 2017, CyberArk researchers published Golden SAML, a technique that at the time felt theoretical at best: if an attacker compromises the ADFS token-signing certificate, they can forge a SAML response for any user with any claims to any federated service, bypassing MFA entirely, because MFA occurs before the assertion is minted. The attacker skips the IdP altogether.
The idea took root 3 years later… SolarWinds/Solorigate (discovered December 2020) was Golden SAML executed at nation-state scale. The kill chain, mapped:
- Step 0: Supply chain entry via a trojanized SolarWinds Orion update (precursor).
- Step 1: Escalate to Domain Admin and extract the ADFS signing certificate.
- Step 2: Forge assertions with arbitrary claims.
- Step 3: Access M365, Azure, and AWS via forged SAML.
- Step 4: Add rogue federation trusts for persistent re-entry.
Remediation was extraordinarily difficult. Forged assertions are cryptographically indistinguishable from legitimate ones and persist after the backdoor is removed. Recovery required rotating all certificates and rebuilding every federation trust from scratch. Silver SAML (2024), targeting Entra ID external certificates, demonstrated that cloud migration did not fully close this door.
OAuth, OIDC, and Tokens Everywhere
Where SAML federated human authentication across organizational boundaries, a separate problem was growing inside them: third-party applications needed access to user data without users handing over their passwords (e.g. SaaS and web services integrations). OAuth 2.0 (formalized in RFC 6749, 2012) introduced an authorization framework built on scoped, time-limited access tokens — a user grants an application specific permissions, and the application receives a bearer token rather than a credential. OpenID Connect (OIDC) layers authentication on top, adding signed JSON Web Tokens (JWTs) that carry identity claims: who you are, not just what you’re allowed to do. Together, they became the plumbing behind every “Sign in with Google” button, every SaaS-to-SaaS integration, and every API call in the modern enterprise.
The result was an explosion of bearer credentials: access tokens, refresh tokens, session cookies, ID tokens, and API keys scattered across browser storage, mobile keychains, API calls, CI/CD pipelines, SaaS integrations and of course, technical repositories (Github, Dockerhub, etc.).
This dwarfed anything that the Active Directory era produced. With Kerberos, all artifacts lived inside the network. In the OAuth era, they live everywhere, and many are usable by whoever holds them.
AiTM (adversary-in-the-middle) phishing kits made this concrete. Tools like Evilginx2 proxy between the victim and the real login page; the user completes MFA normally, and the proxy captures the session cookie and OAuth tokens. Push-notification MFA is now effectively defeated against targeted attacks. AiTM is a Step 1 technique that captures post-authentication artifacts, making MFA irrelevant for the captured session.
Midnight Blizzard: An OAuth Masterclass
In late 2023, Russian intelligence (Midnight Blizzard) compromised Microsoft’s own corporate email, not through a zero-day or malware implant, but through the identity kill chain executed entirely in the OAuth plane.
- Step 1: Password spray a forgotten test account.
- Step 2: Discover a dormant OAuth application with full_access_as_app — consent abuse for privilege expansion.
- Step 3: Mint access tokens to read any mailbox.
- Step 4: Create new malicious OAuth applications for persistence.
No on-premises compromise was needed. The entire breach pivoted on a non-human identity, a dormant, over-privileged OAuth application that no human was monitoring. Detection was possible at Step 2 through NHI governance. It wasn’t in place.
Era 3: Commodity Scale and the Infostealer Economy (2022–Present)
Scattered Spider (UNC3944) industrialized the identity kill chain. Their operational model:
- Step 1: Stealer logs containing enterprise SSO credentials and session cookies are available for a few dollars on dark web marketplaces.
- Step 2: Help desk social engineering to bypass MFA and enroll attacker devices.
- Step 3: A single Okta session opens every downstream SaaS application, exploiting the SSO blast radius.
- Step 4: New breaches are executed faster than remediation, replacing sophisticated persistence with velocity.
The results speak for themselves: MGM suffered over $100M in damages from a single phone call. Caesars paid a $15M ransom. The Snowflake campaign compromised roughly 165 victims. Other impacted organizations included UK retailers and global airlines. Scattered Spider operators even joined victim incident response calls in real time!
The group, converging with ShinyHunters and Lapsus$ alumni into the SLSH extortion brand, demonstrated that the identity kill chain at commodity scale is as devastating as nation-state operations. This is ransomware without even bothering with encryption.
Era 4: Non-Human Identity Sprawl and the AI Agent Frontier (Present and Future)
Non-human identities (NHIs) now outnumber humans 45:1 or more: service accounts, cloud containers, OAuth applications, API keys, CI/CD credentials, AI agent tokens, with long-lived, over-privileged, ownerless credentials invisible to traditional IAM tools.
Every AI agent needs access through tokens and keys. Shadow agents bypass governance entirely. Vibe-coded applications (AI-assisted rapid prototyping) hardcode secrets in frontend bundles. A 2025 analysis of 5,600 such apps found 2,000+ vulnerabilities and 400+ exposed secrets.
The Shai-Hulud npm worm (September 2025) unified the supply chain and NHI narratives. It weaponized stolen publish tokens to trojanize 500+ packages, harvested every identity artifact on developer machines, and auto-published poisoned versions under victims’ own identities, executing the full four-step kill chain in an automated, self-replicating loop.
NHIs are Step 1 targets that most organizations don’t inventory, Step 2 vectors with standing over-privileges, and Step 4 persistence mechanisms that outlive human credential changes. They are the ghost logins: credentials that persist indefinitely because no human lifecycle event (departure, role change, password rotation) triggers their review.
Modern IdP Architecture Through the Kill Chain Lens
Contemporary identity providers (Entra ID, Okta) share five architectural risk patterns that map directly to kill chain vulnerabilities:
- The IdP as the root of trust creates a single point of failure.
- The token-as-currency model means every bearer credential is stealable.
- The app registry as NHI control plane is where Step 1 artifacts (NHI credentials) accumulate unmonitored, the Midnight Blizzard pattern.
- The policy engine as security boundary evaluates conditions at token issuance, not presentation — a stolen token carries its permissions until expiry.
- The hybrid bridge connecting on-premises AD to cloud IdPs links the Kerberos-era kill chain directly to the cloud-era kill chain.
The highest-fidelity signals of Step 4 activity, the signals that catch persistence in progress, are changes to federation trusts, new OAuth app registrations, privileged role activations, Conditional Access modifications, and SCIM token usage anomalies.
Breaking the Kill Chain: The Defensive Mirror Image
Each kill chain step has a structural countermeasure:
Break Step 1: Reduce Credential Value. Phishing-resistant authentication (WebAuthn/passkeys) creates origin-bound credentials that phishing sites physically cannot trigger. This structurally eliminates credential phishing, the most common Step 1 technique.
Break Step 3: Reduce Artifact Reuse. DPoP (RFC 9449) binds tokens to client key pairs. CAEP enables near-real-time revocation. Device Trust verifies posture continuously. A stolen token becomes useless outside its intended context.
Break Step 4: Harden Trust Boundaries. Monitor and restrict changes to federation trusts, OAuth app registrations, and Conditional Access policies. Treat every modification to the identity control plane as a high-fidelity alert.
Break Steps 1, 2, and 4: NHI Governance. Automated discovery, least-privilege enforcement, short-lived credentials, AI agent registries, and behavioral monitoring. Treat every NHI as a first-class citizen in identity governance.
Detect Step 4 in Progress: Identity-Plane Drift Detection. Continuous monitoring for the specific signals of persistence: rogue federation trusts, malicious OAuth apps, modified Conditional Access rules, dormant accounts with standing privileges.
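The Step 4 signals listed above (federation trust changes, new OAuth app registrations, high-privilege app grants, privileged role assignments, Conditional Access modifications) can be turned into a small detector. The following is an added example, not Flare’s or any IdP vendor’s code: the audit events, the operation names and the account snapshot are constructed to resemble an Entra ID-style audit log, and the “dormant actor” rule escalates when the acting account had not signed in for 90 days before the log window.

```python
"""Identity-plane drift detection over IdP audit events (constructed sample data)."""
import json
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional

# Constructed mapping of audit operation names to Step 4 kill-chain signals.
# Replace the keys with the activity names your tenant actually emits.
STEP4_SIGNALS = {
    "Set federation settings on domain": ("rogue federation trust", "critical"),
    "Add service principal": ("new OAuth app registration", "high"),
    "Add app role assignment to service principal": ("OAuth app privilege grant", "high"),
    "Consent to application": ("OAuth consent grant", "high"),
    "Add member to role": ("privileged role assignment", "high"),
    "Update conditional access policy": ("Conditional Access modification", "critical"),
}

# App roles whose grant is always critical (the Midnight Blizzard full_access_as_app pattern).
HIGH_PRIV_APP_ROLES = {"full_access_as_app", "Directory.ReadWrite.All"}

# Constructed directory snapshot taken before the log window: account -> last sign-in.
LAST_SIGN_IN = {
    "svc-legacy-sync@example.test": datetime(2025, 1, 3, tzinfo=timezone.utc),
    "alice@example.test": datetime(2025, 9, 29, tzinfo=timezone.utc),
}
SNAPSHOT_TIME = datetime(2025, 9, 30, 9, 0, tzinfo=timezone.utc)

# Constructed audit log, one JSON event per line.
SAMPLE_LOG = """\
{"time":"2025-09-30T08:01:00Z","actor":"alice@example.test","operation":"Update user","target":"bob@example.test"}
{"time":"2025-09-30T08:07:00Z","actor":"alice@example.test","operation":"Set federation settings on domain","target":"example.test"}
{"time":"2025-09-30T08:09:00Z","actor":"alice@example.test","operation":"Add service principal","target":"mail-archiver"}
{"time":"2025-09-30T08:11:00Z","actor":"svc-legacy-sync@example.test","operation":"Add member to role","target":"Global Administrator"}
{"time":"2025-09-30T08:12:00Z","actor":"alice@example.test","operation":"Add app role assignment to service principal","target":"mail-archiver","role":"full_access_as_app"}
{"time":"2025-09-30T08:15:00Z","actor":"alice@example.test","operation":"Reset user password","target":"bob@example.test"}
"""


@dataclass(frozen=True)
class Alert:
    time: str
    actor: str
    signal: str
    severity: str
    target: str


def classify(event: dict, now: datetime, dormant_after: timedelta) -> Optional[Alert]:
    """Return an Alert if the event is a Step 4 identity-plane change, else None."""
    hit = STEP4_SIGNALS.get(event.get("operation", ""))
    if hit is None:
        return None  # routine operation: not an identity control-plane change
    signal, severity = hit
    if event.get("role") in HIGH_PRIV_APP_ROLES:
        severity = "critical"
    # A forgotten account suddenly changing roles or apps is how dormant
    # identities get revived for persistence; escalate regardless of operation.
    last = LAST_SIGN_IN.get(event.get("actor", ""))
    if last is not None and now - last > dormant_after:
        signal += " by dormant account"
        severity = "critical"
    return Alert(event["time"], event["actor"], signal, severity, event.get("target", ""))


def detect(log_text: str, now: Optional[datetime] = None,
           dormant_after: timedelta = timedelta(days=90)) -> List[Alert]:
    """Run the rules over newline-delimited JSON events and return the alerts in order."""
    now = now or datetime.now(timezone.utc)
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        alert = classify(json.loads(line), now, dormant_after)
        if alert is not None:
            alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_LOG, now=SNAPSHOT_TIME):
        print(f"{a.severity.upper():8} {a.time} {a.actor}: {a.signal} -> {a.target}")
```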
Identity Security Quick-Start Checklist: Tiered Action Plan for Practitioners
0. Know if You are Already Compromised
Before hardening anything, confirm whether your credentials are already circulating. Subscribe to an external identity exposure monitoring service (infostealer log feeds, credential breach databases, technical exposure data) and cross-reference exposed credentials against your directory immediately. If compromised accounts exist, remediate them first. Once that is done, work through the four tiers below:
1. Reduce Credential Value
Goal: Stolen artifacts should expire before attackers can use them.
- Audit accounts with non-expiring passwords. Prioritize service accounts with admin-like privileges.
- Enforce MFA on every IdP admin account. No exceptions without hardware keys.
- Shorten OAuth access token lifetimes to ≤1 hour for sensitive apps. Rotate API keys older than 90 days.
2. Reduce Artifact Reuse
Goal: A credential from one context should be worthless in another.
- Block admin sign-ins from unmanaged devices via Conditional Access / Authentication Policies.
- Require device compliance for your top five sensitive SaaS applications.
- Enable Continuous Access Evaluation (CAE) so sessions revoke in near-real-time on risk signal changes.
3. Harden Trust Boundaries
Goal: Protect the infrastructure that issues and validates identity.
- List every federated domain and external IdP trust. Investigate any you don’t recognize.
- Restrict OAuth app registration and admin consent grants to approved administrators only.
- Inventory all non-human identities (service principals, API keys, CI/CD tokens, package registry tokens). Assign a living owner to each.
4. Detect Identity-Plane Drift
Goal: The gap between what the audit says and what is actually true is where breaches live.
- Enable alerting on new admin role assignments, Conditional Access changes, federated domain additions, and high-privilege OAuth app registrations.
- Run BloodHound/AzureHound. Count users with a path to Tier 0. That’s your baseline.
- Establish a monthly identity posture review: dormant privileged accounts, unrotated NHI credentials, attack path trends, OAuth permission drift.
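The baseline in step 4 above is the same shortest-path question the BloodHound section describes: treat the directory as a graph and count the users that can reach Tier 0. The block below is an added example, not BloodHound’s or SharpHound’s code; the domain graph, user names and edges are constructed, with edge directions following BloodHound’s conventions (MemberOf: principal to group, AdminTo: principal to computer, HasSession: computer to the user logged on there, GenericAll: principal to the principal it controls). It also includes a what-if recount after removing one edge, which is how a tiering fix is measured against the baseline.

```python
"""Tier 0 exposure baseline over a constructed AD graph (breadth-first shortest paths)."""
from collections import deque
from typing import Dict, List, Optional, Tuple

Edge = Tuple[str, str, str]  # (source, relationship, target)

# Constructed domain. The HasSession edge is the classic tiering violation:
# a server admin (Tier 1) logged on to a help-desk-managed workstation (Tier 2).
EDGES: List[Edge] = [
    ("alice", "MemberOf", "HelpDesk"),
    ("HelpDesk", "AdminTo", "WS01"),
    ("WS01", "HasSession", "dave"),
    ("dave", "MemberOf", "ServerOps"),
    ("ServerOps", "MemberOf", "Domain Admins"),   # nested group membership
    ("carol", "GenericAll", "dave"),              # ACL abuse: carol fully controls dave
    ("bob", "MemberOf", "Sales"),
    ("Sales", "AdminTo", "WS02"),
]
USERS = ["alice", "bob", "carol", "dave", "eve"]
TIER0 = "Domain Admins"


def build_adjacency(edges: List[Edge]) -> Dict[str, List[Tuple[str, str]]]:
    """Directed adjacency list: node -> [(relationship, neighbour), ...]."""
    adj: Dict[str, List[Tuple[str, str]]] = {}
    for src, rel, dst in edges:
        adj.setdefault(src, []).append((rel, dst))
    return adj


def _unwind(parent: dict, node: str) -> List[str]:
    """Walk parent pointers back to the start, interleaving the edge labels."""
    path = [node]
    while parent[node] is not None:
        prev, rel = parent[node]
        path = [prev, f"-{rel}->"] + path
        node = prev
    return path


def shortest_path(adj: Dict[str, List[Tuple[str, str]]], start: str,
                  target: str) -> Optional[List[str]]:
    """BFS from start; returns e.g. ['alice', '-MemberOf->', 'HelpDesk', ...] or None."""
    if start == target:
        return [start]
    parent: dict = {start: None}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        for rel, nxt in adj.get(node, []):
            if nxt in parent:
                continue  # already reached by an equal-or-shorter path
            parent[nxt] = (node, rel)
            if nxt == target:
                return _unwind(parent, target)
            queue.append(nxt)
    return None


def tier0_exposure(edges: List[Edge], users: List[str],
                   target: str = TIER0) -> Dict[str, List[str]]:
    """The baseline: every user with a path to target, mapped to its shortest path."""
    adj = build_adjacency(edges)
    return {u: p for u in users if (p := shortest_path(adj, u, target)) is not None}


def without_edge(edges: List[Edge], edge: Edge) -> List[Edge]:
    """What-if: the graph after one edge is removed (e.g. after enforcing tiered admin)."""
    return [e for e in edges if e != edge]


if __name__ == "__main__":
    before = tier0_exposure(EDGES, USERS)
    print(f"{len(before)}/{len(USERS)} users reach {TIER0}")
    for user, path in before.items():
        print("  " + " ".join(path))
    after = tier0_exposure(without_edge(EDGES, ("WS01", "HasSession", "dave")), USERS)
    print(f"after removing the Tier 1 session from WS01: {len(after)}/{len(USERS)}")
```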
The identity plane is now the highest-value collection target, both for adversaries and for defenders. Securing your organization with these steps will be crucial in staying ahead of threat actors in this era of “logging in, instead of hacking in.”
The artifacts have changed from NTLM hashes to SAML assertions to OAuth tokens to AI agent credentials, but the operational logic has not changed since Allan Scherr printed out that password file in 1962.
The adversaries are not exploiting carelessness. They are exploiting historical decisions.
______
This article is based on material from Flare’s Identity Security Workshop, a two-part practitioner training covering the evolution of identity security from directories to AI agents.