What are the main defense recommendations against this SAML certificate attack?

The primary defenses are applying patches to prevent attackers from obtaining vCenter local administrator privileges, and securing vCenter backup files to avoid leakage. By blocking access to the `data.mdb` file or the local admin account, the attack chain is effectively broken.