Recently, many Active Directory vulnerabilities are being discovered spanning all three types of Kerberos delegations. One growing attack vector is compromising delegations that cross security boundaries (e.g. AD Trusts or in a hybrid AD environment). Microsoft has recently announced Kerberos authentication within Azure AD. While this brings a lot of security benefits around authentication, this also means that existing Kerberos vulnerabilities can extend from an on-premises AD environment to exploit an object in Azure. The opposite is also possible with on-premises objects (such as an application proxy) having the ability to impersonate cloud users. This session helps make sense of these vulnerabilities and provides solid advice on how to mitigate them.