Tag
This brief outlines the detection of the ConvertTo-AADIntBackdoor command execution via PowerShell Script Block Logging, a technique used to create a backdoor in federated Azure AD domains by modifying federation settings and allowing attackers to control the authentication process.