Entra's entitlement management provides new ways to manage permissions in identity governance. It's increasingly recommended alongside PIM. But for all its features, its privilege escalation and persistence risks haven't been clearly demonstrated. This session will address that omission. Join us for a deep dive into how attackers can abuse entitlement management, and what defenders need to know to secure it. We'll begin with an overview of how access packages work. From there, we'll demonstrate numerous practical escalation paths, from abuse of dynamic filters to identity governance roles, automatic approvals, and malicious access packages and policies. We'll close with detection and remediation guidance to reduce the entitlement management attack surface.