AI-Powered Application Penetration Testing—Scale Security Without Compromise Learn More

bishopfox-logo-grey
Get Started

Workshop Series: Inside Cirro

Date:
March 31 & April 7, 2026
Time:
2 p.m. ET / 7 p.m. GMT
Dark workshop series graphic reading “Inside Cirro” with sessions on mapping attack paths in Azure and extensible identity graphs.

Mapping Attack Paths & Extensible Identity Graphs in Azure

Join us for a two-part workshop series exploring how Cirro helps model cloud environments, uncover attack paths, and analyze identity risk in Azure and Entra ID.

Register once to attend both sessions in this two-part series.

Workshop Schedule

Part 1: Mapping Attack Paths in Azure
March 31, 2026 at 2pm ET

Part 2: Schemas and Extensible Identity Graphs
April 7, 2026 at 2pm ET

About the Series

Cirro is an open-source framework for modeling Azure and Entra ID environments as relationship graphs to better understand privilege and security risk.

Across this two-part series, Cirro creator Leron Gray will walk through the core concepts behind graph-based analysis, attack path modeling, and extensible identity graph design—helping you understand how modern cloud risks emerge and how to analyze them effectively.

Part 1: Mapping Attack Paths in Azure

Cirro is an open-source framework for modeling Azure and Entra ID environments as relationship graphs to better understand privilege and security risk.

This session introduces the motivation behind Cirro and the core concepts behind graph-based analysis of Azure and Entra ID environments. Led by Cirro creator Leron Gray, we will discuss why attack path modeling has become an important technique for understanding privilege relationships in modern cloud environments, what problems it helps solve, and how Cirro approaches data collection and modeling differently from existing tools.

Attendees will learn:

  • How identities, applications, resources, and role assignments map into a relationship graph
  • How that graph makes privilege propagation easier to analyze
  • How attack path analysis works
  • Why graph-based approaches provide deeper visibility into Azure security risk

Part 2: Schemas and Extensible Identity Graphs

Cirro is designed as a framework for modeling cloud environments through relationships rather than isolated objects. While its current focus is Azure and Entra ID, the underlying architecture is built to be extensible so that additional platforms, identity systems, and data sources can be incorporated over time.

This session explores the design philosophy behind Cirro and how its architecture supports extensible identity graph modeling. Led by Cirro creator Leron Gray, we will discuss how separating data ingestion from graph modeling and analysis enables new environments to be integrated while maintaining a consistent approach to understanding identity relationships, configuration risk, and privilege propagation.

Attendees will learn:

  • How Cirro separates data ingestion from graph modeling and analysis
  • How the framework supports extensibility across platforms and identity systems
  • How new data sources can be integrated into a consistent model
  • How extensible graph models support broader cloud security analysis
Leron Gray Headshot BF

About the speaker, Leron Gray

Senior Security Consultant II

Leron Gray is a Senior Security Consultant II on Bishop Fox's Red Team. With nine years of offensive security experience, he previously served on the Azure Red Team at Microsoft, as a penetration tester, and as a Cryptologic Technician (Networks) for the U.S. Navy.

Leron holds a Masters in Cyber Defense from Dakota State University and is a PhD candidate for Cyber Operations. He has a graduate certification in penetration testing and ethical hacking from SANS Technology Institute.

More by Leron

Ready to get started? We can help.

Contact Us

This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies. To find out more about the cookies we use, please see our Privacy Policy.