Session

No WinRM, No RDP, Still PowerShell: Mastering Defender Live Response

When a machine is compromised, the first things to go are often the ones we rely on the most: RDP, WinRM, remote PowerShell sessions.

Yet Microsoft Defender provides another entry point that many PowerShell users barely know: Live Response.

In this session, we’ll explore how Defender Live Response allows you to run PowerShell commands remotely on compromised endpoints — even when traditional management channels are unavailable.

Through real-world scenarios and live demonstrations, you’ll learn how to investigate a system, collect forensic artifacts, execute remediation actions, and understand the limitations and security boundaries of this environment.

We will demonstrate whether Live Response can become a new tool in the toolbelt for system administrators, or whether this technology is really only for SecOps engineers.

Did you know that Microsoft Defender offers another (limited) form of remote access to your machine, even when WinRM is no longer an option?! This session will teach you everything you need to know about "Live Response": its use cases, its advantages, and its limitations.

Stephane van Gulick

DevOps engineer

Basel, Switzerland
