Detecting Suspicious RMM Tool Execution Chains in Microsoft Defender (T1219)
One of the most common initial access vectors into environments by threat actors is through use of legitimate RMM tooling, offering both hands-on-keyboard access as well as stealth. Read more below for some considerations on detecting such activity.