Light in the Labyrinth: Breach Path Analysis for Anyone
Parker Shelton
BSidesSF 2025 — Here Be Dragons · Day 1 · Main
Security teams are not Theseus navigating the maze — they are Daedalus, having built a complex environment in which they are themselves lost. Breach path analysis, implemented as a security graph, gives defenders the map they need to understand exactly how attackers can traverse their infrastructure. Parker Shelton from Microsoft walks through how to build such a graph from scratch, covering inventory collection, ontology design, graph storage, query languages, and automated computation of attacker TTPs.
---
AI review
Shelton delivers a structural approach to attack path analysis that scales beyond what BloodHound-style point solutions cover — the seven-concept graph architecture with encoded TTP fragments is the right mental model for enterprise-scale breach path work. The Daedalus reframe is well-landed and the Microsoft production usage with red and blue teams sharing the same graph is genuinely interesting. This is one of the stronger defensive engineering talks of the batch.