SOP-08: Privilege Escalation Detection & Response
SOC analyst SOP for detecting and containing privilege escalation — UAC bypass, token impersonation, service misconfig, and kernel exploits. KQL for Defender/Sentinel, SPL for Splunk, Defender XDR steps.
Rudra Verma, Senior Security Architect & Researcher