Abuse and Detection of M365D Live Response for privilege escalation on Control Plane (Tier0) assets
Live Response in Microsoft 365 Defender can be used to execute PowerShell scripts on protected devices for advanced incident investigation. But it can be also abused by Security Administrators for privilege escalation, such as creating (Active Directory) Domain Admin account or “phishin...