A new way to defend against identity-based attacks

Identity-based attacks are front and center, and here to stay.  Our stale defenses are in need of improvement.

I just finished listening to General Haugh and General Nakasone on the State Secrets podcast, hosted by Suzanne Kelly, in the episode titled “Two Generals and a Cyber Warning for America” (TheCipherBrief).

General Haugh noted that identity-based attacks are where it’s at right now. He is correct that modern adversaries, both nation-states and criminals, are exploiting identity systems at massive scale.  However, greater awareness of one’s identity landscape, while crucial, only addresses part of the problem. Awareness without change leaves defenders static while adversaries evolve at machine speed.

Frenetik introduces active, unpredictable change.  Instead of simply understanding your environment better than the adversary, Frenetik ensures that your environment never remains the same long enough for the adversary to understand it.  

“Knowledge gained but impossible to use is, of course, useless.” Jennifer E. Sims

By continuously modifying real user identifiers, and notifying only the trusted users through secure channels like Signal, Frenetik creates a defensive asymmetry: defenders always know what’s real, while attackers are always chasing ghosts.

Humans are creatures of pattern, and machines exploit that predictability. Usernames, email addresses, hostnames, and IP structures are designed for legibility and order, yet this very order is what allows adversaries to automate reconnaissance. Email addresses often serve dual purposes, as both communication identifiers and authentication usernames. Formats like firstname.lastname@organization.com or firstinitiallastname@org.com are easy for humans to remember and trivial for attackers to guess. Once a single address pattern is known, AI-driven reconnaissance tools can enumerate thousands of valid users across the enterprise.

The modern adversary no longer probes environments only by hand; they automate the probing. Open-source tools make identity and network reconnaissance effortless, even from unauthenticated positions:

  • AADInternals (aadinternals.com) and related scripts enable anonymous Microsoft Entra ID (Azure AD) user enumeration without authentication.

  • Pacu (github.com/RhinoSecurityLabs/pacu) automates AWS cloud reconnaissance, identifying IAM roles, policies, and users at scale.

  • GCPwn (github.com/NetSPI/gcpwn) provides full automation of Google Cloud Platform enumeration and privilege escalation paths.

These tools, amplified by AI-driven analysis, allow adversaries to build detailed maps of an organization’s identity and infrastructure faster than ever before.  Predictable naming conventions are the foundation on which these automated attacks succeed.  General Haugh’s call for greater identity awareness is correct, but incomplete.  Awareness helps defenders understand what they have, but it does nothing to change what the adversary sees. Frenetik complements situational awareness with constant change – a living, shifting identity and network landscape that frustrates automated reconnaissance and renders AI-driven mapping obsolete.

As General Nakasone emphasized in the podcast, speed is essential.  Frenetik embodies that principle.  

“On a modern battlefield targets which can’t move will die, quickly.”  William S. M

By introducing continuous modifications across identities and systems, at breakneck speed (or slower, if you like), together with tight control over who knows of each change and when, defenders regain control of tempo instead of being at the mercy of an adversary-chosen time and place. We live in an identity-centric attack era where automation and AI exploit the predictability of human nature. The problem isn’t that defenders lack visibility; it’s that their environments are static, predictable, and exploitable. Frenetik breaks this dangerous pattern.