Using WDAC to ingest missing MDE events and detect token stealing
Introduction

In a previous blog post I talked about how adversaries can exploit SSO capabilities of Hybrid or fully Entra ID joined devices. I mentioned the different ways we can steal tokens from ...