Its 3 am in the night, and your phone is going crazy. Incidents are coming and in you see that a Command and Control beacon is active.
No time to get coffee, start your incident response adventure using the Microsoft security stack.

In this session, we will share how a series of events led to a full compromise of a domain.
- What were the security misconfigurations which led to the compromise?
- How the attack was discovered and investigated using Microsoft Security tools
- How the incident was contained and fully shut down.

This is a practical session sharing a real-world scenario of an attack. Focusing on both the misconfigurations and must-do's, and how Microsoft Defender helped us during the investigation.