Abuse and Detection of M365D Live Response for privilege escalation on Control Plane (Tier0) assets
This technical article details how Microsoft 365 Defender's Live Response feature, used for remote investigation and forensic evidence collection, can be abused for privilege escalation on critical Control Plane (Tier0) assets. It explains the feature's components, programmatic access via the MDE API, and provides guidance for security teams on detecting such malicious activity.