Evading Microsoft ATA for Active Directory Domination

bHkv63-1GBY/default.jpg

Microsoft Advanced Threat Analytics (ATA) is a defense platform which reads information from multiple sources like traffic for certain protocols to the Domain Controller, Windows Event Logs and SIEM events. The information thus collected is used to detect Reconnaissance, Credentials replay, Lateral movement, Persistence attacks etc. Well known attacks like Pass-the-Hash, Pass-the-Ticket, Overpass-the-Hash, Golden Ticket, Directory services replication, Brute-force, Skeleton key etc. can be detected using ATA.

By Nikhil Mittal

Full Abstract & Presentation Materials: https://www.blackhat.com/us-17/briefi...

bHkv63-1GBY/default.jpg
Evading Microsoft ATA for Active Directory Domination Evading Microsoft ATA for Active Directory Domination Reviewed by Unknown on March 05, 2018 Rating: 5